Symptom 2, Analysis and solution – H3C Technologies H3C SecPath F1000-E User Manual
Page 286
274
{
The authentication type is inconsistent. For example, the default authentication type for a VPN
connection created on Windows 2000 is Microsoft Challenge Handshake Authentication
Protocol (MSCHAP). If the remote end does not support MSCHAP, the PPP negotiation will fail.
H3C recommends using CHAP.
Symptom 2
Data transmission fails. A connection is setup but data cannot be transmitted. For example, the LAC and
LNS cannot ping each other.
Analysis and solution
Possible reasons for data transmission failure include:
1.
No route is available. The LAC (or LAC client) must have a route to the private network behind the
LNS and the LNS must have a route to the private network behind the LAC. Otherwise, data
transmission fails. You can use the display ip routing-table command on the LAC (LAC client) and
LNS to check whether the expected routes are present. If not, configure a static route or configure
a dynamic routing protocol.
2.
Congestion occurs on the Internet backbone and packet loss ratio is high. L2TP data transmission
is based on UDP, which does not provide the packet error control function. If the line is unstable,
the LAC and LNS may be unable to ping each other and L2TP applications may fail.
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS