L2tp LNS function of firewall doesn’t support the application scene that dialing interface of firewall through GLOBAL address of Nat Server, reasons as bellow:
Analysis problem with packet capturing between firewall and LAC. Finding out that the ping message send by client encapsulated to the head of new ip by l2tp, the destination ip is 22.214.171.124(global ip address of nat server).
After the ping reply message which firewall replied encapsulated by l2tp, the source ip address is 10.86.1.38
The problem is obvious after packet capturing, l2tp data message replied by firewall hasn’t transformed to 126.96.36.199 by nat, so, ping VT interface failed.
Annotation: for message encapsulated by l2tp, firewall sends them out directly, without firewall process, without nat address translation.