Customer wants to have a access to Company's data resources during his business journeys. He will be connected to internet and using VPN he will reach Company's network independently on the place of actual connection to internet. Company's gateway router will provide LNS (L2TP Network Server) and customer will be a client of LNS.
We can not establish L2TP tunnel between client's workstation (MS Windows XP) and router AR 28-31.
Configuration of WXP and router seems to be OK.
CHECKING THE CONFIGURATION OF LNS and WXP CLIENT:
L2TP configuration of router AR 28-31 (role LNS):
interface Ethernet0/0 #Enter E0/0 interface view
ip address 22.214.171.124 255.255.255.240 #Set local interface IP address
l2tp enable #Enable L2TP (required)
l2tpmoreexam enable #Enable L2TP multi-instance function (optional)
l2tp-group 1 #Create L2TP group (required)
allow l2tp virtual-template 0 #Assign L2TP tunnel to Virtual-template 0
ip pool 0 10.1.1.3 10.1.1.10 #Define IP pool No. 0 from 10.1.1.3 to 10.1.1.10
interface Virtual-Template0 #Create virtual template (required)
ppp authentication-mode chap #Enable CHAP authentication
ip address 10.1.1.1 255.255.255.0 #Set local VPN IP address
remote address pool 0 #Assign remote IP address pool
aaa enable #Enable Authentication, Authorization, Accounting
local-user user password simple Huawei #Create local user “user” with password “Huawei”
local-user hw level 3 #Set the user level to 3 (the highest)
user-interface vty 0 4 #Enter “user-interface” view
authentication-mode scheme default - Set authentication mode to scheme
L2TP configuration of client (MS Windows XP):
Enter window: “Network Connections” → “New Connection Wizard” → “Connect to the network at my workplace” → “Virtual Private Network connection” → add “Connection name” → set “Do not dial the initial connection” → add “VPN server connection”. Just VPN client was created.
In “Properties” of “this VPN client set up:
Host: 126.96.36.199 - Define LNS IP address
Data encryption: No encryption allowed - Disable Data encryption
Allow protocols: CHAP - Enable CHAP authentication protocol
Type of VPN: L2TP IPSec VPN - Set type of VPN
Type of VPN � Settings: Enable only item: “Negotiate Multi-link For Single Link Connection”
TCP/IP: Obtain an IP address automatically - Client will lease IP from LNS
After this configuration everything should work properly. But the VPN client can not establish the connection. MS Windows XP is reporting alert message “Error 789“.
- Configure WAN interface of the router
- Configure connection of workstation (PC) to the internet
- Try ping to WAN interface of the router (must receive echo)
- Configure MS WXP client and LNS server according to manual
- Run debugging of L2TP packets on LNS
- Try to establish connection from WXP VPN wizard
- If debugging do not receive any L2TP packet then check WXP registry
- WXP registry must contain key “ProhibitIPSec”, if not then add it
- Establish L2TP tunnel