L2TP VPN cannot be established on AR

Publication Date: 2018-02-10

Issue Description

Relevant configuration:

#
 l2tp enable
#
interface GigabitEthernet0/0/4.217
 dot1q termination vid 217
 ip binding vpn-instance internet
 ip address xxx.xxx.156.54 255.255.255.128
 nat outbound 2999
#
l2tp-group 1
 undo tunnel authentication
 allow l2tp virtual-template 1
#
local-user huawei password cipher %^%#gZFbFDC\w.%q9U>ule1%4#T:<(#9S![7A)R|y!z)%^%#
 local-user huawei privilege level 0
 local-user huawei service-type ppp
#
ip pool l2tpLns1
 gateway-list 192.168.200.1
 network 192.168.200.0 mask 255.255.255.0
#


Handling Process

Debugging l2tp:

- <Huawei>display l2tp tunnel
- <Huawei>display l2tp session
- <Huawei>terminal monitor
- <Huawei>terminal debugging
- <Huawei>debugging l2tp all
- <Huawei>debugging ppp all

From the debugging output collected on the AR router, we noticed that the L2TP error is caused by an invalid request.

Jan 30 2018 18:43:14.110.1+00:00 Huawei L2TP/7/L2TDBG:
  Recv SCCRQ:
      Tunnel:1,  state:1
      From:193.109.59.5
      VPN-Index:1
<Huawei>
Jan 30 2018 18:43:14.110.2+00:00 Huawei L2TP/7/L2TDBG:
L2tp CONTRL:  Check SCCRQ MSG Type 1
<Huawei>
Jan 30 2018 18:43:14.110.3+00:00 Huawei L2TP/7/L2TDBG:
 L2tp ERROR: Invalid Requested Host.

Root Cause

Because the ip binding vpn-instance internet command is configured on the interface, the remote remote-name parameter (the PC host name) and the vpn-instance vpn-instance-name parameter must be added to the allow l2tp command in l2tp-group 1.

Solution

#
l2tp-group 1
 undo tunnel authentication
 allow l2tp virtual-template 1 remote test-host vpn-instance internet
#

Or remove the command ip binding vpn-instance internet from the interface configuration.
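
A configuration check for the root cause above, as an added example (not part of the original article and not a Huawei tool): it flags any l2tp-group whose allow l2tp line does not name the vpn-instance bound to an interface. The function names and the simplified indentation-based parsing are assumptions, the check assumes L2TP requests can arrive on every VPN-bound interface, and the sample is a constructed excerpt of the article's configuration.

```python
import re

# Constructed input: the relevant lines of the configuration shown in the article.
SAMPLE_CONFIG = """\
#
 l2tp enable
#
interface GigabitEthernet0/0/4.217
 ip binding vpn-instance internet
#
l2tp-group 1
 undo tunnel authentication
 allow l2tp virtual-template 1
#
"""

def parse_sections(config):
    """Split a VRP-style config into {header: [indented commands]}."""
    sections, current = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "#":
            current = None                      # '#' closes the current view
        elif not line.startswith(" "):
            current = line                      # unindented line opens a view
            sections[current] = []
        elif current is not None:
            sections[current].append(line.strip())
    return sections

def check_l2tp_vpn_binding(config):
    """Return (group, interface, bound_vpn, allowed_vpn) for each mismatch."""
    sections = parse_sections(config)
    bound = {}                                  # interface name -> vpn-instance
    for header, body in sections.items():
        for cmd in body:
            m = re.fullmatch(r"ip binding vpn-instance (\S+)", cmd)
            if header.startswith("interface ") and m:
                bound[header.split(None, 1)[1]] = m.group(1)
    findings = []
    for header, body in sections.items():
        if not header.startswith("l2tp-group "):
            continue
        for cmd in (c for c in body if c.startswith("allow l2tp ")):
            m = re.search(r"\bvpn-instance (\S+)", cmd)
            allowed = m.group(1) if m else None  # None: no vpn-instance given
            findings += [(header, ifname, vpn, allowed)
                         for ifname, vpn in bound.items() if allowed != vpn]
    return findings
```

Run against the original configuration it reports the mismatch between the interface binding and l2tp-group 1; after either fix from the Solution section it returns an empty list.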
