Introduction

This solution shows an option for connecting two locations over IPSec with overlapping or identical IP network ranges (e.g. Location A: 192.168.1.0/24 and Location B: 192.168.1.0/24).

In this case a routed IPSec connection does not work: IPSec operates as a Layer 3 (IP layer) protocol and therefore requires the locations being networked to use different IP networks. This workshop shows how the security of IPSec can continue to be used for location networking in such a case.

Configuration in this scenario is carried out using the GUI (Graphical User Interface).

To solve this problem, L2TP (Layer2 Tunnelling Protocol) can be used as a transport protocol. L2TP offers the option to create bridge connections over routed IP connections. In our example, this means that the locations are connected over IPSec and that the actual traffic tunnelled in L2TP is routed via the IPSec tunnel.

Example scenario

The user data is routed via the L2TP tunnel and the L2TP packets are sent over the IPSec tunnel.

Requirements

The following are required for the configuration:

  1. Two bintec ADSL gateways, e.g. bintec be.IP plus™

  2. A boot image of version 7.9.1 or later.

  3. Both gateways require an independent connection to the Internet.

Notes on test setup

bintec be.IP plus, Location A

System name: be.IP_plus-1
LAN IP address: 192.168.1.253
LAN IP subnet mask: 255.255.255.0
Public Internet IP address: 10.1.1.1 (a host name can also be used here)
Local IP address of the IPSec interface: 1.1.1.1 (any private IP address)
Local IP address of the L2TP interface: 1.1.1.3

bintec be.IP plus, Location B

System name: be.IP_plus-2
LAN IP address: 192.168.1.254
LAN IP subnet mask: 255.255.255.0
Public Internet IP address: 10.1.1.4 (a host name can also be used here)
Local IP address of the IPSec interface: 1.1.1.2 (any private IP address)
Local IP address of the L2TP interface: 1.1.1.4
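
The following pre-flight check of the address plan is an added example and not part of the original bintec workshop. It decides whether the two LANs overlap (so that routed IPSec cannot be used and the L2TP bridge is needed) and checks that the addresses in the test setup do not collide once both LANs form one bridged segment. The names SITES, lan_network and check_plan are assumptions made for this illustration.

```python
import ipaddress

# Address plan copied from the test setup on this page.
SITES = {
    "A": {"lan_ip": "192.168.1.253", "mask": "255.255.255.0",
          "ipsec_ip": "1.1.1.1", "l2tp_ip": "1.1.1.3"},
    "B": {"lan_ip": "192.168.1.254", "mask": "255.255.255.0",
          "ipsec_ip": "1.1.1.2", "l2tp_ip": "1.1.1.4"},
}


def lan_network(site):
    """Derive the LAN network from a gateway's LAN address and subnet mask."""
    return ipaddress.ip_interface(f"{site['lan_ip']}/{site['mask']}").network


def check_plan(sites):
    """Return (mode, problems) for a two-site plan (hypothetical helper).

    mode is 'routed' when the LANs are disjoint and 'l2tp-bridge' when they
    overlap, which is the case this workshop addresses.
    """
    a, b = sites["A"], sites["B"]
    net_a, net_b = lan_network(a), lan_network(b)
    mode = "l2tp-bridge" if net_a.overlaps(net_b) else "routed"
    problems = []

    # Bridged LANs share one Layer 2 segment, so gateway LAN addresses must differ.
    if mode == "l2tp-bridge" and a["lan_ip"] == b["lan_ip"]:
        problems.append(f"duplicate LAN IP on bridged segment: {a['lan_ip']}")

    # IPSec and L2TP interface addresses must be unique and outside both LANs.
    seen = {}
    for name, site in sites.items():
        for key in ("ipsec_ip", "l2tp_ip"):
            addr = ipaddress.ip_address(site[key])
            label = f"{name}.{key}"
            if addr in seen:
                problems.append(f"{label} reuses {addr} from {seen[addr]}")
            seen[addr] = label
            if addr in net_a or addr in net_b:
                problems.append(f"{label} {addr} lies inside a LAN range")
    return mode, problems


if __name__ == "__main__":
    print(check_plan(SITES))
```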