R3166-R3206-HP High-End Firewalls VPN Configuration Guide-6PW101

• Tunnel authentication fails. For successful tunnel authentication, tunnel authentication must be
  enabled on both the LAC and LNS and the passwords for tunnel authentication configured on the
  two sides must match.
• If the tunnel is torn down by force on the local end but the remote end has not received the
  notification packet for reasons such as network delay, a new tunnel cannot be set up.
2. PPP negotiation failure, which may occur in the following cases:
• The usernames and/or passwords are incorrectly configured on the LAC or not configured on the
  LNS.
• The LNS cannot allocate addresses. This may be because the address pool is too small or no
  address pool is configured.
• The authentication type is inconsistent. For example, if the default authentication type for a VPN
  connection created on Windows 2000 is Microsoft Challenge Handshake Authentication Protocol
  (MSCHAP) but the remote end does not support MSCHAP, PPP negotiation will fail. In this case,
  change the authentication type to CHAP.
Symptom 2
Data transmission fails. A connection is set up but data cannot be transmitted. For example, the LAC and
LNS cannot ping each other.
Analysis and solution
Possible reasons for data transmission failure are as follows:
1. The user address is set incorrectly. Usually, the address of a user is allocated by the LNS. However,
it can also be set by the user. If the address set by the user is not in the same network segment as
that allocated by the LNS, data transmission fails. HP recommends that the LNS allocate
addresses for users.
2. Congestion occurs on the Internet backbone and the packet loss ratio is high. L2TP data
transmission is based on UDP, which does not provide packet error control. If the line
is not stable, the LAC and LNS may not be able to ping each other and L2TP applications may fail.