
L2TP cannot traverse USG2110 NAT because the peer LNS does not support L2TP from a non-1701 source port

Publication Date: 2012-11-27
Issue Description
Networking: PC---USG2110----LNS
The PC accesses the LNS through NAT on the USG2110 to establish an L2TP VPN, but the tunnel can never be established. If the USG2110 is bypassed, the PC can dial up and access the network normally.
Alarm Information
None.
Handling Process
1. The firewall configuration was inspected: the inter-domain rules all permit traffic, which rules out a configuration problem.
2. L2TP is a single-channel protocol, so it has no NAT traversal problem of its own.
3. Analysis of the L2TP protocol shows that, under normal circumstances, both the source port and the destination port of an L2TP message are UDP port 1701. The firewall's session table showed that the PC's source port had been translated to a different port, so we suspected that the source port translation was causing the problem.
4. To verify this, the "no-pat" parameter was added to the inter-domain NAT configuration. With this parameter, NAT does not perform port multiplexing and does not change the source port. After the configuration was completed, the PC could establish the L2TP VPN normally.
5. The user is advised to change the settings of the peer LNS so that it supports dial-in from a non-1701 port, or to use the USG2110 as the LAC, or to add public IP addresses and access the Internet in "no-pat" mode.
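The session-table check from step 3 can be scripted. The following is an added example, not part of the original case or Huawei tooling: it scans session lines for UDP flows to port 1701 whose source port 1701 was rewritten by NAT. The line layout `proto src:port[nat_src:port]-->dst:port` and the sample lines are assumptions constructed for illustration; adjust the regular expression to the actual output of your device.

```python
import re

L2TP_PORT = 1701

# Assumed layout: proto  src_ip:src_port[nat_ip:nat_port]-->dst_ip:dst_port
SESSION_RE = re.compile(
    r"^\s*(?P<proto>\w+)\s+"
    r"(?P<src_ip>[\d.]+):(?P<src_port>\d+)"
    r"(?:\[(?P<nat_ip>[\d.]+):(?P<nat_port>\d+)\])?"
    r"\s*-->\s*(?P<dst_ip>[\d.]+):(?P<dst_port>\d+)\s*$"
)

# Constructed sample lines (documentation address ranges), not real device output.
SAMPLE = """\
udp 192.168.1.10:1701[203.0.113.5:2049]-->198.51.100.7:1701
udp 192.168.1.11:1701[203.0.113.6:1701]-->198.51.100.7:1701
udp 192.168.1.10:53211[203.0.113.5:2050]-->198.51.100.53:53
tcp 192.168.1.10:50112[203.0.113.5:2051]-->198.51.100.80:443
udp 192.168.1.12:1701-->198.51.100.7:1701
"""


def find_rewritten_l2tp(text):
    """Return L2TP flows whose source port 1701 was changed by NAT."""
    hits = []
    for line in text.splitlines():
        m = SESSION_RE.match(line)
        if not m:
            continue  # skip headers, blank lines and unknown layouts
        if m["proto"].lower() != "udp" or int(m["dst_port"]) != L2TP_PORT:
            continue  # not L2TP control/data traffic
        if int(m["src_port"]) != L2TP_PORT:
            continue  # client did not send from 1701; not this failure mode
        nat_port = m["nat_port"]
        if nat_port is not None and int(nat_port) != L2TP_PORT:
            hits.append({
                "client": m["src_ip"],
                "lns": m["dst_ip"],
                "nat_source": f'{m["nat_ip"]}:{nat_port}',
            })
    return hits


if __name__ == "__main__":
    for h in find_rewritten_l2tp(SAMPLE):
        print(f'{h["client"]} -> {h["lns"]}: source port 1701 rewritten to {h["nat_source"]}')
```

A flow translated without port change (the second sample line, as with "no-pat") and an untranslated flow are not reported.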
Root Cause
1. The policy configuration may be at fault, preventing L2TP messages from getting through.
2. The USG2110 may have a problem with L2TP traversal.
Suggestions
Some knowledge of common protocols is recommended; it helps in locating problems.
