R3303-HP HSR6800 Routers Layer 2 - WAN Configuration Guide

Troubleshooting L2TP
The VPN connection setup process is complex. The following presents an analysis of some common faults
that may occur in the process. Before troubleshooting the VPN, make sure that the LAC and LNS are
connected properly across the public network.
Symptom 1
Users cannot log in.
Analysis and solution
Possible reasons for login failure include:
• Tunnel setup failure, which may occur in the following cases:
  ◦ The address of the LNS is set incorrectly on the LAC.
  ◦ No L2TP group is configured on the LNS (usually a router) to receive calls from the tunnel peer.
    For details, see the description of the allow command.
  ◦ Tunnel authentication fails. Tunnel authentication must be enabled on both the LAC and LNS
    and the tunnel authentication keys configured on the two sides must match.
  ◦ If the tunnel is torn down by force on the local end but the remote end has not received the
    notification packet for reasons such as network delay, a new tunnel cannot be set up.
• PPP negotiation failure, which may occur for the following reasons:
  ◦ Usernames, passwords, or both are incorrectly configured on the LAC or are not configured on
    the LNS.
  ◦ The LNS cannot allocate addresses. This may be because the address pool is too small or no
    address pool is configured.
  ◦ The authentication type is inconsistent. For example, if the default authentication type for a VPN
    connection created on Windows 2000 is MS-CHAP but the remote end does not support
    MS-CHAP, the PPP negotiation will fail. In this case, change the authentication type to CHAP.
Symptom 2
Data transmission fails. A connection is set up but data cannot be transmitted. For example, the LAC and
LNS cannot ping each other.
Analysis and solution
Possible reasons for data transmission failure are as follows:
• No route is available. The LAC (or LAC client) must have a route to the private network behind the
  LNS and the LNS must have a route to the private network behind the LAC. Otherwise, data
  transmission fails. You can use the display ip routing-table command on the LAC (LAC client) and
  LNS to check whether the expected routes are present. If not, configure a static route or configure a
  dynamic routing protocol.
• Congestion occurs on the Internet backbone and the packet loss ratio is high. L2TP data transmission
  is based on UDP, which does not provide packet error control. If the line is unstable, the
  LAC and LNS may be unable to ping each other and L2TP applications may fail.
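
The route check described under "No route is available" can be scripted against saved display ip routing-table output from both ends. The following is an added example, not part of the HP guide: the sample tables, addresses, interface names and the helper names parse_routes and check_route are constructed for illustration. A match on the default route alone is flagged for review because, in this assumed topology, it points at the public interface rather than the tunnel.

```python
import ipaddress

# Constructed sample text in the column layout of `display ip routing-table`
# (addresses, interface names and topology are assumptions for illustration).
LAC_TABLE = """\
Destination/Mask    Proto  Pre  Cost         NextHop         Interface
0.0.0.0/0           Static 60   0            1.1.1.254       GE0/0/1
1.1.1.0/24          Direct 0    0            1.1.1.1         GE0/0/1
10.1.0.0/16         Direct 0    0            10.1.0.1        GE0/0/2
"""
LNS_TABLE = """\
Destination/Mask    Proto  Pre  Cost         NextHop         Interface
1.1.2.0/24          Direct 0    0            1.1.2.2         GE0/0/1
10.1.0.0/16         Static 60   0            192.168.0.2     VT1
10.2.0.0/16         Direct 0    0            10.2.0.1        GE0/0/2
"""

def parse_routes(text):
    """Return [(network, next_hop, interface)] parsed from routing-table text."""
    routes = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) < 6 or "/" not in cols[0]:
            continue
        try:
            net = ipaddress.ip_network(cols[0], strict=False)
        except ValueError:
            continue  # column header or other non-route line
        routes.append((net, cols[4], cols[5]))
    return routes

def check_route(table_text, remote_net):
    """Return (status, best_route); status is 'missing', 'default-only' or 'ok'."""
    target = ipaddress.ip_network(remote_net)
    covering = [r for r in parse_routes(table_text) if target.subnet_of(r[0])]
    if not covering:
        return "missing", None
    best = max(covering, key=lambda r: r[0].prefixlen)  # longest-prefix match
    return ("default-only" if best[0].prefixlen == 0 else "ok"), best

if __name__ == "__main__":
    # LAC must reach the private network behind the LNS, and vice versa.
    for name, table, remote in (("LAC", LAC_TABLE, "10.2.0.0/16"),
                                ("LNS", LNS_TABLE, "10.1.0.0/16")):
        status, best = check_route(table, remote)
        via = f"via {best[1]} on {best[2]}" if best else "no covering route"
        print(f"{name} -> {remote}: {status} ({via})")
```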