280
Troubleshooting L2TP
The VPN connection setup process is complex. The following presents an analysis of some common
faults that might occur in the process. Before troubleshooting the VPN, make sure the LAC and LNS
are connected correctly across the public network.
Symptom 1
Users cannot log in.
Analysis and solution
Possible reasons for login failure include:
• Tunnel setup failure, which might occur in the following cases:
{ The address of the LNS is set incorrectly on the LAC.
{ No L2TP group is configured on the LNS (usually a router) to receive calls from the tunnel
peer. For details, see the description of the allow command.
{ Tunnel authentication fails. Tunnel authentication must be enabled on both the LAC and
LNS and the tunnel authentication passwords configured on the two sides must match.
{ If the tunnel is torn down by force on the local end but the remote end has not received the
notification packet for reasons such as network delay, a new tunnel cannot be set up.
• PPP negotiation failure, which might occur because:
{ Usernames, passwords, or both are incorrectly configured on the LAC or are not configured
on the LNS.
{ The LNS cannot allocate addresses. This might be because the address pool is too small or
no address pool is configured.
{ The authentication type is inconsistent. For example, the default authentication type for a
VPN connection created on Windows 2000 is Microsoft Challenge Handshake
Authentication Protocol (MS-CHAP), and if the remote end does not support MS-CHAP, the
PPP negotiation will fail. In this case, CHAP is recommended.
Symptom 2
Data transmission fails. A connection is set up, but data cannot be transmitted. For example, the LAC
and LNS cannot ping each other.
Analysis and solution
Possible reasons for data transmission failure include:
• No route is available. The LAC (or LAC client) must have a route to the private network behind
the LNS, and the LNS must have a route to the private network behind the LAC. Otherwise,
data transmission fails. You can use the display ip routing-table command on the LAC (LAC
client) and LNS to check whether the expected routes are present. If not, configure a static
route or configure a dynamic routing protocol.
• Congestion occurs on the Internet backbone and packet loss ratio is high. L2TP data
transmission is based on UDP, which does not provide the packet error control function. If line
quality is unstable, the LAC and LNS might be unable to ping each other and L2TP applications
might fail.
To Next Page
Loading...
Need help?
General
