R3166-R3206-HP High-End Firewalls VPN Configuration Guide-6PW101

On Host B, enter vpdn2@aaa.net as the username and 22222 as the password in the dial-up
terminal window.
4. Verify the configurations
# After Host A establishes a dial-up connection with enterprise 1, Host A gets IP address 10.0.1.10 and
can ping the private address of the LNS (10.0.1.1).
# After Host B establishes a dial-up connection with enterprise 2, Host B gets IP address 10.0.2.10 and
can ping the private address of the LNS (10.0.2.1).
# On the LNS, use the display l2tp session command to check the L2TP sessions established.
[LNS-l2tp1] display l2tp session
Total session = 2
LocalSID RemoteSID LocalTID
17345 4351 1
23914 10923 2
# On the LNS, use the display l2tp tunnel command to check the L2TP tunnels established.
[LNS-l2tp1] display l2tp tunnel
Total tunnel = 2
LocalTID RemoteTID RemoteAddress Port Sessions RemoteName
1 1 1.1.2.1 1701 1 LAC-1
2 2 1.1.2.1 1701 1 LAC-2
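The verification step above can be automated. The following Python script is an added example, not part of the HP guide: it parses the two display outputs and reports any mismatch between declared totals, per-tunnel session counts and the expected LAC names. The function names and the expected-peer set are assumptions of this example; the sample text is the output shown above.

```python
# Added example: consistency check over the two display outputs shown above.
SESSION_OUT = """[LNS-l2tp1] display l2tp session
Total session = 2
LocalSID RemoteSID LocalTID
17345 4351 1
23914 10923 2
"""
TUNNEL_OUT = """[LNS-l2tp1] display l2tp tunnel
Total tunnel = 2
LocalTID RemoteTID RemoteAddress Port Sessions RemoteName
1 1 1.1.2.1 1701 1 LAC-1
2 2 1.1.2.1 1701 1 LAC-2
"""

def parse_table(text):
    """Return (declared_total, rows); rows are dicts keyed by the header line."""
    lines = [ln.split() for ln in text.splitlines() if ln.strip()]
    start = next((i for i, c in enumerate(lines) if c[0] == "Total"), None)
    if start is None or len(lines) < start + 2:
        raise ValueError("unrecognised display output")
    header = lines[start + 1]
    # Rows with the wrong column count are dropped, so they surface as a total mismatch.
    rows = [dict(zip(header, c)) for c in lines[start + 2:] if len(c) == len(header)]
    return int(lines[start][-1]), rows

def check_l2tp(session_text, tunnel_text, expected_peers):
    """Return a list of discrepancies; an empty list means the outputs agree."""
    problems = []
    s_total, sessions = parse_table(session_text)
    t_total, tunnels = parse_table(tunnel_text)
    if s_total != len(sessions):
        problems.append(f"session total {s_total} but {len(sessions)} rows")
    if t_total != len(tunnels):
        problems.append(f"tunnel total {t_total} but {len(tunnels)} rows")
    for t in tunnels:
        found = sum(1 for s in sessions if s["LocalTID"] == t["LocalTID"])
        if found != int(t["Sessions"]):
            problems.append(f"tunnel {t['LocalTID']}: Sessions={t['Sessions']}, {found} listed")
        if t["RemoteName"] not in expected_peers:
            problems.append(f"tunnel {t['LocalTID']}: unexpected peer {t['RemoteName']}")
    for name in sorted(set(expected_peers) - {t["RemoteName"] for t in tunnels}):
        problems.append(f"no tunnel from expected peer {name}")
    return problems

if __name__ == "__main__":
    print(check_l2tp(SESSION_OUT, TUNNEL_OUT, {"LAC-1", "LAC-2"}) or "consistent")
```

An unexpected RemoteName or a tunnel whose Sessions count disagrees with the session table is worth investigating before the VPN is put into service.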
Complicated network application
A security gateway can simultaneously serve as an LAC and an LNS. Additionally, it can support more
than one incoming call. If enough memory and physical lines are available, L2TP can receive and make
multiple calls at the same time. See the previous examples for complex network configurations.
Many L2TP applications rely on static routes to initiate connection requests.
Troubleshooting L2TP
The VPN connection setup process is rather complicated. The following analyzes some common faults
that occur in the process. Before troubleshooting the VPN, make sure that the LAC and LNS
are connected properly across the public network.
Symptom 1
Users cannot log in.
Analysis and solution
Possible reasons for login failure are as follows:
1. Tunnel setup failure, which may occur in the following cases:
The address of the LNS is set incorrectly on the LAC.
No L2TP group is configured on the LNS to receive calls from the tunnel peer. For more information,
see the description of the allow command.