Chapter 24 L2TP VPN
SBG3500-N Series User’s Guide
303
(1) Client has no activity for a period of time.
(2) Client loses connectivity to the SBG3500-N Series for a period of time.
(3) Any IPSec VPN configuration change is applied on the SBG3500-N Series.
(4) Either Default_L2TPVPN IPSec configuration or L2TP VPN is disabled on the SBG3500-N Series.
(5) When any one of these configuration changes is applied on the SBG3500-N Series: WAN
Interface used for L2TP VPN, IP Address Pool, Access Group.
(6) The SBG3500-N Series WAN interface on which the L2TP connection established is
disconnected.
5 An L2TP client is connected successfully but cannot access the local host or server behind the
SBG3500-N Series.
Tip: This may be caused by one of the followings:
(1) The local host or server is disconnected.
(2) The Access Group is not configured correctly. From the SBG3500-N Series’s GUI, go to the VPN
> L2TP VPN > Setup screen to check. Note that all local hosts are by default accessible unless
Access Group is configured.
(3) IP Address Pool for L2TP VPN is conflicting with any WAN, LAN, DMZ, WLAN, or PPTP VPN
subnet configured on the SBG3500-N Series. Note that IP Address Pool for L2TP VPN has 24-bit
netmask and should not conflict with any others listed above even if they are not in use.
6 An L2TP client is connected successfully but cannot browse Internet.
Tip: From the SBG3500-N Series’s GUI, click VPN > L2TP VPN > Setup. Check if DNS Server is
configured. A client cannot browse Internet without DNS resolved. Note that when a new DNS
Server is configured, the client must disconnect then reconnect in order for the new DNS Server to
take effect.
7 The L2TP client can no longer connect to SBG3500-N Series after the Encryption or
Authentication for the Default_L2TPVPN IPSec VPN rule is changed.
Tip: A user usually do not need change the default Encryption or Authentication algorithms in
the Default_L2TPVPN IPSec VPN rule. The default Encryption and Authentication algorithms
should support the built-in L2TP/IPSec client software in the popular operating systems (Windows
(XP, Vista, 7), Android, and iOS).
Refer to Table 104 on page 285 for the default setting of the Default_L2TPVPN IPSec VPN rule.
As a reference, Table 116 on page 304 lists the IPSec proposals provided by a built-in L2TP client in
the popular operating systems during IPSec phase 1 negotiation. The first proposal that can be
supported by the phase 1 setting in the Default_L2TPVPN IPSec VPN rule will be accepted by the
SBG3500-N Series. The algorithms in red in Table 116 on page 304 indicate the ones that will be
accepted based on Table 104 on page 285.
To Next Page
Loading...
