Complicated network application, Troubleshooting l2tp, Symptom 1 – H3C Technologies H3C SecPath F1000-E User Manual
Total session = 2
LocalSID RemoteSID LocalTID
17345 4351 1
23914 10923 2
# On the LNS, use the display l2tp tunnel command to check the established L2TP tunnels.
[LNS-l2tp1] display l2tp tunnel
Total tunnel = 2
LocalTID RemoteTID RemoteAddress Port Sessions RemoteName
1 1 1.1.2.1 1701 1 LAC-1
2 2 1.1.2.1 1701 1 LAC-1
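When login problems are being investigated, the two displays above can be cross-checked against each other. The following Python sketch is an added example, not part of the H3C manual or software. It assumes the column layout shown on this page, and the function names parse_table and check_l2tp are hypothetical.

```python
import re
from collections import Counter

# Output as shown on the page; the session listing starts mid-output there.
SESSION_OUTPUT = """Total session = 2
LocalSID RemoteSID LocalTID
17345 4351 1
23914 10923 2
"""
TUNNEL_OUTPUT = """Total tunnel = 2
LocalTID RemoteTID RemoteAddress Port Sessions RemoteName
1 1 1.1.2.1 1701 1 LAC-1
2 2 1.1.2.1 1701 1 LAC-1
"""

def parse_table(text, kind):
    """Return (declared_total, rows); rows are dicts keyed by the column names."""
    total, header, rows = None, None, []
    for line in text.splitlines():
        fields = line.split()
        m = re.fullmatch(rf"Total {kind} = (\d+)", line.strip())
        if m:
            total = int(m.group(1))
        elif header is None and fields and fields[0] in ("LocalSID", "LocalTID"):
            header = fields  # prompt lines before the header are skipped
        elif header and len(fields) == len(header):
            rows.append(dict(zip(header, fields)))
    return total, rows

def check_l2tp(session_text, tunnel_text):
    """List inconsistencies between the two displays (empty list = consistent)."""
    s_total, sessions = parse_table(session_text, "session")
    t_total, tunnels = parse_table(tunnel_text, "tunnel")
    problems = []
    if not tunnels:
        problems.append("no tunnel established: check the tunnel setup causes")
    for name, total, rows in (("session", s_total, sessions), ("tunnel", t_total, tunnels)):
        if total is not None and total != len(rows):
            problems.append(f"{name} total is {total} but {len(rows)} rows are listed")
    per_tunnel = Counter(s["LocalTID"] for s in sessions)
    for t in tunnels:
        listed = per_tunnel.pop(t["LocalTID"], 0)  # sessions seen for this tunnel
        if int(t["Sessions"]) != listed:
            problems.append(f"tunnel {t['LocalTID']} ({t['RemoteName']}) reports "
                            f"{t['Sessions']} sessions, {listed} listed")
    problems += [f"session refers to unknown tunnel {tid}" for tid in sorted(per_tunnel)]
    return problems

if __name__ == "__main__":
    print(check_l2tp(SESSION_OUTPUT, TUNNEL_OUTPUT) or "displays are consistent")
```

An empty result means every session maps to a listed tunnel and the per-tunnel session counts agree.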
Complicated network application
A security gateway can serve as an LAC and an LNS at the same time, and it can support more
than one incoming call. If memory and physical lines are sufficient, L2TP can receive and make
multiple calls at the same time. For such a complicated network, work out the configuration by
combining the previous configuration examples as needed.
Pay attention to static route configuration. Many L2TP applications rely on static routes to initiate
connection requests.
Troubleshooting L2TP
The VPN connection setup process is complex. The following presents an analysis of some common faults
that may occur in the process. Before troubleshooting the VPN, make sure that the LAC and LNS are
connected properly across the public network.
Symptom 1
Users cannot log in.
Analysis and solution
Possible reasons for login failure include:
1. Tunnel setup failure, which may occur in the following cases:
   - The address of the LNS is set incorrectly on the LAC.
   - No L2TP group is configured on the LNS (usually a router) to receive calls from the tunnel peer.
     For details, see the description of the allow command.
   - Tunnel authentication fails. Tunnel authentication must be enabled on both the LAC and LNS
     and the tunnel authentication passwords configured on the two sides must match.
   - If the tunnel is torn down by force on the local end but the remote end has not received the
     notification packet for reasons such as network delay, a new tunnel cannot be set up.
2. PPP negotiation failure, which may occur because:
   - Usernames, passwords, or both are incorrectly configured on the LAC or are not configured on
     the LNS.
   - The LNS cannot allocate addresses. This may be because the address pool is too small or no
     address pool is configured.