No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Dialup Through L2TP over IPSec on USG5320 Fails

Publication Date:  2013-12-31 Views:  102 Downloads:  0
Issue Description

L2TP over IPSec is configured on the USG5320, and the AR1220's IP address 218.8.213.146 is mapped to the USG5320's IP address 192.168.100.2. A PC fails to perform a dialup operation through L2TP over IPSec, but can perform a dialup operation through L2TP.
Alarm Information
None
Handling Process
1. Check the L2TP session on the USG5320.
udp  VPN:public --> public
  Zone: untrust--> untrust  TTL: 00:02:00  Left: 00:01:26
  Interface: Ethernet0/0/0  NextHop: 192.168.100.1  MAC: 00-00-00-00-00-00
  <--packets:0 bytes:0   -->packets:12 bytes:1474
  192.168.253.10:45094-->218.8.213.146:1701
The destination IP address is the AR's public IP address.
2. Change the L2TP network server (LNS) IP address to the USG5320's IP address 192.168.100.2 on the VPN client.
Check the L2TP session on the USG5320 again.
udp  VPN:public --> public
  Zone: untrust--> local  TTL: 00:02:00  Left: 00:02:00
  Interface: InLoopBack0  NextHop: 127.0.0.1  MAC: 00-00-00-00-00-00
  <--packets:20 bytes:1247   -->packets:17 bytes:1048
  192.168.253.10:18983-->192.168.100.2:1701
The dialup operation succeeds.
Root Cause
1. Route fault
2. Other faults
Suggestions
When address mapping is configured in the L2TP over IPSec scenario, pay attention to the L2TP LNS IP address configuration.

END