Complicated network application, Troubleshooting l2tp, Symptom 1 – H3C Technologies H3C SecPath F1000-E User Manual

Page 285: Analysis and solution

273

Total session = 2

LocalSID RemoteSID LocalTID

17345 4351 1

23914 10923 2

# On the LNS, use the display l2tp tunnel command to check the established L2TP tunnels.

[LNS-l2tp1] display l2tp tunnel

Total tunnel = 2

LocalTID RemoteTID RemoteAddress Port Sessions RemoteName

1 1 1.1.2.1 1701 1 LAC-1

2 2 1.1.2.1 1701 1 LAC-1

Complicated network application

A security gateway can simultaneously serve as an LAC and an LNS. Additionally, it can support more

than one incoming call. If memory and physical lines are enough, L2TP can receive and make multiple
calls at the same time. For such a complicated network, you can see through the previous configuration

examples and consider them comprehensively to find a configuration solution.
Pay attention to static route configuration. Many L2TP applications rely on static routes to initiate

connection requests.

Troubleshooting L2TP

The VPN connection setup process is complex. The following presents an analysis of some common faults

that may occur in the process. Before troubleshooting the VPN, make sure that the LAC and LNS are

connected properly across the public network.

Symptom 1

Users cannot log in.

Analysis and solution

Possible reasons for login failure include:

Tunnel setup failure, which may occur in the following cases:

{

The address of the LNS is set incorrectly on the LAC.

{

No L2TP group is configured on the LNS (usually a router) to receive calls from the tunnel peer.
For details, see the description of the allow command.

{

Tunnel authentication fails. Tunnel authentication must be enabled on both the LAC and LNS
and the tunnel authentication passwords configured on the two sides must match.

{

If the tunnel is torn down by force on the local end but the remote end has not received the
notification packet for reasons such as network delay, a new tunnel cannot be set up.

PPP negotiation failure, which may occur because:

{

Usernames, passwords, or both are incorrectly configured on the LAC or are not configured on
the LNS.

{

The LNS cannot allocate addresses. This may be because the address pool is too small or no
address pool is configured.

This manual is related to the following products:

H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS