Because a Remote Tunnel Name is Configured for L2TP on the USG5300, a Tunnel Cannot be Established

Publication Date:  2012-07-16 Views:  419 Downloads:  0
Issue Description
The USG5300 acts as the L2TP LNS, and a PC serves as a client that initiates an L2TP connection by dialing up. When a user dials up on the PC, the PC prompts the user that the L2TP connection fails to be established because the link protocol is terminated.
Alarm Information
Handling Process
1.          Check the device configuration. No error is found.
2.          Run the debug l2tp packet command. The displayed packet information is as follows:
USG5320 %%01L2TP/8/L2TDBG(d):  L2TP::Check SCCRQ MSG Type 1
USG5320 %%01L2TP/8/L2TDBG(d):  L2TP::Parse AVP Protocol version:  100
USG5320 %%01L2TP/8/L2TDBG(d):  L2TP::Parse AVP Framing capability : 1
USG5320 %%01L2TP/8/L2TDBG(d):  L2TP::Parse AVP Bearer capability, value: 0
USG5320 %%01L2TP/8/L2TDBG(d):  L2TP::Parse AVP Firmware revision, value: 1280
USG5320 %%01L2TP/8/L2TDBG(d):  L2TP::Parse AVP Host name, value: maple-54b168e59
USG5320 %%01L2TP/8/L2TDBG(d):  L2TP::requested host isn't in the define l2tp group , refuse the requested
USG5320 %%01L2TP/8/L2TDBG(d):  L2TP::Clear Calls On Tunnel ID=1 Reason=1
The previous information indicates that the failure in establishing the connection is caused by the L2TP group name inconsistency.
3.          Check the configuration on the PC and find that the PC host name is inconsistent with the one configured on the USG5300. The information is as follows:
allow l2tp virtual-template 1 remote client1
4.         Delete remote client 1 or change the PC host name to client 1. Dial up again. The problem is rectified.
Root Cause

1.          The LNS configuration is incorrect.

2.          The configuration on the PC is improper.

In this case, the problem is caused by an authentication failure due to inconsistency between the tunnel name sent by the PC to the LNS and the one configured on the LNS.

1.      Generally, when a PC serves as the LAC, it sends its host name as the tunnel name. In this case, ensure that the tunnel name configured by running the allow l2tp virtual-template 1 remote command on the LNS is the same as the PC host name, or do not configure the tunnel name on the LNS. 

2.      You are not advised to configure the LAC name of group 1 of l2tp-group so that the LNS allows all LAC access.