The Problem of L2TP over Ipsec Dial-Up Abnormal

Publication Date:  2012-09-12 Views:  78 Downloads:  0
Issue Description
Dial-up will not be successful by L2TP over IPSec if the private network IP of external network is 192.168.1.0 network segment address. It will clue on saturation overtime in step 3. Dial-up will be successful by L2TP over IPSec if the private network IP of external network is not 192.168.1.0 network segment address.
Alarm Information
NULL
Handling Process
It confirm that current configuration of equipment is normal after checking configuration, testing and packet capturing analysis. But there is 192.168.1.0 private network route in internal network. i.e. IPSec return route was sent to 192.168.1.0 of LAN, not the other side client-side that made L2TP over IPSec cannot be built, it is suggested that clients adjust LAN route programming by themselves or abandon L2TP over IPSec VPN.
Root Cause
It is doubted that route clash lead to abnormal dial-up
Suggestions
When the failure like this appears, don’t judge subjectively that configuration was wrong or configuration limit, it is necessary to look up and analyze considering  whole situation information.

END