Complicated Network Application; Troubleshooting L2TP - H3C SR6600 Configuration Manual

Layer 2 – WAN configuration

[LNS-l2tp1] display l2tp tunnel
Total tunnel = 2
LocalTID RemoteTID RemoteAddress    Port   Sessions RemoteName
1        1         1.1.2.1          1701   1        LAC-1
2        2         1.1.2.1          1701   1        LAC-2

Complicated Network Application

A security gateway can serve as an LAC and an LNS simultaneously. It can also
support more than one incoming call. Given enough memory and physical lines,
L2TP can receive and make multiple calls at the same time. See the preceding
examples for complicated network configurations.
Note that many L2TP applications rely on static routes to initiate connection requests.

Troubleshooting L2TP

The VPN connection setup process is rather complicated. The following analyzes
some common faults that occur in the process. Before troubleshooting the VPN,
make sure that the LAC and LNS are connected properly across the public network.

Symptom 1: Users cannot log in.
Analysis and solution:
Possible reasons for login failure are as follows:
1) Tunnel setup failure, which may occur in the following cases:
   - The address of the LNS is set incorrectly on the LAC.
   - No L2TP group is configured on the LNS (usually a router) to receive calls from the
     tunnel peer. For more information, see the description of the allow command.
   - Tunnel authentication fails. For successful tunnel authentication, tunnel authentication
     must be enabled on both the LAC and LNS and the passwords for tunnel authentication
     configured on the two sides must match.
   - If the tunnel is torn down by force on the local end but the remote end has not received
     the notification packet for reasons such as network delay, a new tunnel cannot be set
     up.
2) PPP negotiation failure, which may occur in the following cases:
   - The usernames and/or passwords are incorrectly configured on the LAC or not
     configured on the LNS.
   - The LNS cannot allocate addresses. This may be because the address pool is too small
     or no address pool is configured.
   - The authentication type is inconsistent. For example, if the default authentication type
     for a VPN connection created on Windows 2000 is Microsoft Challenge Handshake
     Authentication Protocol (MSCHAP) but the remote end does not support MSCHAP,
     PPP negotiation will fail. In this case, CHAP is recommended.
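
Added example (not from the H3C manual or H3C code): a Python model of the CHAP-style tunnel authentication defined in RFC 2661, showing why the tunnel is refused when the two passwords differ or when only one side has authentication enabled. The function names, the sample secrets, and the use of None to mean "authentication disabled" are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

SCCRP, SCCCN = 2, 3  # RFC 2661 Message Type values, used as the CHAP ID


def challenge_response(msg_type, secret, challenge):
    """Challenge Response AVP value: MD5(ID || shared secret || challenge)."""
    return hashlib.md5(bytes([msg_type]) + secret + challenge).digest()


def answer_ok(msg_type, verifier_secret, responder_secret, challenge):
    """Responder hashes with its own secret; verifier recomputes with its own."""
    if responder_secret is None:          # peer has no secret: no response AVP
        return False
    received = challenge_response(msg_type, responder_secret, challenge)
    expected = challenge_response(msg_type, verifier_secret, challenge)
    return hmac.compare_digest(expected, received)


def tunnel_setup(lac_secret, lns_secret):
    """Model SCCRQ/SCCRP/SCCCN authentication. A secret of None means tunnel
    authentication is disabled on that side (modelling assumption)."""
    if lac_secret is not None:            # LAC puts a Challenge in SCCRQ
        if not answer_ok(SCCRP, lac_secret, lns_secret, os.urandom(16)):
            return (False, "LAC rejected LNS (SCCRP)")
    if lns_secret is not None:            # LNS puts a Challenge in SCCRP
        if not answer_ok(SCCCN, lns_secret, lac_secret, os.urandom(16)):
            return (False, "LNS rejected LAC (SCCCN)")
    return (True, "tunnel established")


if __name__ == "__main__":
    # Constructed secrets for illustration only.
    for lac, lns in [(b"aabbcc", b"aabbcc"), (b"aabbcc", b"aabbcd"),
                     (b"aabbcc", None), (None, b"aabbcc")]:
        print(lac, lns, tunnel_setup(lac, lns))
```

The stage named in the failure result indicates which end refused the peer, which is the end whose configured password or authentication setting to compare first.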

Symptom 2: Data transmission fails. A connection is set up but data cannot be transmitted.
For example, the LAC and LNS cannot ping each other.
Analysis and solution:
