An L2TP Tunnel Fails to Be Established Because of an Incorrect Remote Tunnel Name

Publication Date:  2015-07-03 Views:  302 Downloads:  0
Issue Description
Networking:

As shown in Figure 4-14, a PC attempts to establish an L2TP tunnel with the USG. The PC serves as a client, and the USG serves as an LNS. If the L2TP tunnel is established, the PC can access the server.

Figure 4-14 Networking where an L2TP tunnel fails to be established because of an incorrect remote tunnel name




Fault Symptom:

When the PC dials up, the system displays a message indicating that the link protocol negotiation stops and the L2TP tunnel cannot be established.
Handling Process
1. Run the debug l2tp packet command in the user view. The debugging information in the command output is as follows:

USG %%01L2TP/8/L2TDBG(d):  L2TP::Check SCCRQ MSG Type 1
USG %%01L2TP/8/L2TDBG(d):  L2TP::Parse AVP Protocol version:  100
USG %%01L2TP/8/L2TDBG(d):  L2TP::Parse AVP Framing capability : 1
USG %%01L2TP/8/L2TDBG(d):  L2TP::Parse AVP Bearer capability, value: 0
USG %%01L2TP/8/L2TDBG(d):  L2TP::Parse AVP Firmware revision, value: 1280
USG %%01L2TP/8/L2TDBG(d):  L2TP::Parse AVP Host name, value: maple-54b168e59
USG %%01L2TP/8/L2TDBG(d):  L2TP::requested host isn't in the define l2tp group , refuse the requested
USG %%01L2TP/8/L2TDBG(d):  L2TP::Clear Calls On Tunnel ID=1 Reason=1


L2TP::requested host isn't in the define l2tp group indicates that the host that requests to establish a connection is not defined in the L2TP group. The possible cause is that the tunnel name sent by the PC is different from the remote tunnel name configured on the USG.

2. The PC uses a computer name as a tunnel name to initiate an L2TP negotiation. Use the following method to view the computer name of the PC:




Run the following command to configure the remote tunnel name to client1 on the USG:

allow l2tp virtual-template 1 remote client1

The computer name of the PC is different from the remote tunnel name on the USG, causing an L2TP negotiation failure.
Root Cause
The L2TP tunnel name sent by the PC to the USG is different from the one configured on the USG, causing a failure to find a matching L2TP group. 
Solution
Use either of the following methods to resolve the problem:

 Change the computer name of the PC.
Change the computer name of the PC to client1.

 Change the remote tunnel name on the USG.
Change allow l2tp virtual-template 1 remote client1 to allow l2tp virtual-template 1 on the USG.


NOTE:
You can choose to configure a remote L2TP tunnel name in the l2tp-group 1 view but must configure a remote tunnel name in other l2tp-group views.

END