Table of Contents
Advertisement
Chapter 22 L2TP VPN
Tip: If a client reconnects right after it is disconnected, the reconnection may fail. Wait 60 seconds
before reconnecting.
An L2TP client is disconnected unexpectedly.
4
Tip: An L2TP connection will be dropped when one of the followings occurs on the SBG3500-N:
(1) Client has no activity for a period of time.
(2) Client loses connectivity to the SBG3500-N for a period of time.
(3) Any IPSec VPN configuration change is applied on the SBG3500-N.
(4) Either Default_L2TPVPN IPSec configuration or L2TP VPN is disabled on the SBG3500-N.
(5) When any one of these configuration changes is applied on the SBG3500-N: WAN Interface
used for L2TP VPN, IP Address Pool, Access Group.
(6) The SBG3500-N WAN interface on which the L2TP connection established is disconnected.
An L2TP client is connected successfully but cannot access the local host or server behind the
5
SBG3500-N.
Tip: This may be caused by one of the followings:
(1) The local host or server is disconnected.
(2) The Access Group is not configured correctly. From the SBG3500-N's GUI, go to the VPN >
L2TP VPN > Setup screen to check. Note that all local hosts are by default accessible unless
Access Group is configured.
(3) IP Address Pool for L2TP VPN is conflicting with any WAN, LAN, DMZ, WLAN, or PPTP VPN
subnet configured on the SBG3500-N. Note that IP Address Pool for L2TP VPN has 24-bit netmask
and should not conflict with any others listed above even if they are not in use.
An L2TP client is connected successfully but cannot browse Internet.
6
Tip: From the SBG3500-N's GUI, click VPN > L2TP VPN > Setup. Check if DNS Server is
configured. A client cannot browse Internet without DNS resolved. Note that when a new DNS
Server is configured, the client must disconnect then reconnect in order for the new DNS Server to
take effect.
The L2TP client can no longer connect to SBG3500-N after the Encryption or Authentication for
7
the Default_L2TPVPN IPSec VPN rule is changed.
Tip: A user usually do not need change the default Encryption or Authentication algorithms in
the Default_L2TPVPN IPSec VPN rule. The default Encryption and Authentication algorithms
should support the built-in L2TP/IPSec client software in the popular operating systems (Windows
(XP, Vista, 7), Android, and iOS).
Refer to
Table 90 on page 266
As a reference,
the popular operating systems during IPSec phase 1 negotiation. The first proposal that can be
supported by the phase 1 setting in the Default_L2TPVPN IPSec VPN rule will be accepted by the
284
for the default setting of the Default_L2TPVPN IPSec VPN rule.
Table 102 on page 285
lists the IPSec proposals provided by a built-in L2TP client in
SBG3500-N000 User's Guide
Advertisement
Table of Contents
Troubleshooting
