3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide
L2TP Troubleshooting 127
# Enable L2TP service.
[secblade] l2tp enable
# Set an L2TP group.
[secblade-l2tp1] Tunnel authentication
[secblade-l2tp1] Tunnel password simple secblade
[secblade-l2tp1] Tunnel name LNS
[secblade-l2tp1] allow l2tp virtual-template 0 remote LAC
[secblade-l2tp1] quit
# Configure a static route.
[secblade] ip route-static 0.0.0.0 0 50.0.0.1
[secblade] ip route-static 10.0.0.0 24 30.0.0.1
# Quit the IPsec module configuration view.
[secblade] quit
<secblade> quit
L2TP Troubleshooting The VPN Tunnel setup process is quite complicated; only several common cases are
analyzed here. Before debugging VPN, please confirm that both LAC and LNS are
connected to a public network, and are connected correctly.
Symptom 1: User’s login fails.
Troubleshooting:
Failure causes are as follows:
■ Fail to establish a Tunnel because:
1 On LAC side, LNS addresses are improperly set.
2 On LNS side (usually is a security gateway, or a router), L2TP group that can receive
the remote end of the Tunnel is not configured. For details, refer to the description
of the allow command.
3 Tunnel authentication fails. If authentication is configured, make sure that the
same Tunnel authentication password is configured at both sides.
4 If the local end compulsorily disconnects the connection but the opposite end fails
to receive the "Disconnect" packet due to some network transmission problem,
originating Tunnel setup request without delay will fail in this case. The reason is
that both sides cannot detect the disconnected link within certain time, and the
Tunnel connections originated by two opposite ends with the same IP address are
not allowed.
■ PPP negotiation fails because :
1 Error occurs to username or password set on LAC side, or the corresponding users
are not set on LNS side.
2 LNS cannot assign addresses, e.g. because the address pool is too small or no
address pool is set at all.