No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

AR Router Troubleshooting Guide

This Product Documentation provides guidance for maintaining AR Enterprise Router, covering common information collection and fault diagnostic commands, typical fault troubleshooting guide, and troubleshooting.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
An AR Cannot Establish an L2TP Tunnel

An AR Cannot Establish an L2TP Tunnel

This section provides a troubleshooting case for the fault that an AR cannot establish an L2TP tunnel.

Networking

Figure 25-28  Establishing an L2TP tunnel between a remote dialup user and the headquarters based on the authentication domain

LNS configurations:

#
 l2tp enable                               
#
acl number 2001                         
 rule 5 permit source 192.168.1.0 0.0.0.255
#
ip pool lns                             
 gateway-list 192.168.1.1
 network 192.168.1.0 mask 255.255.255.0
#
aaa                                   
 authentication-scheme lmt                                                      
 domain huawei.com
  authentication-scheme lmt
 local-user 123456789@huawei.com password cipher %^%#_<`.CO&(:LeS/$#F\H0Qv8B]KAZja3}3q'RNx;VI%^%#
 local-user 123456789@huawei.com privilege level 0  
 local-user 123456789@huawei.com service-type ppp
#
interface GigabitEthernet1/0/0.1
 dot1q termination vid 217
 ip binding vpn-instance internet
 ip address 202.1.1.1 255.255.255.0
 nat outbound 2999                       
#
interface Virtual-Template1              
 ppp authentication-mode chap domain huawei.com   
 remote address pool lns
 ppp ipcp dns 10.10.10.10                
 ip address 192.168.1.1 255.255.255.0
#
l2tp-group 1                           
 undo tunnel authentication           
 allow l2tp virtual-template 1
#
return

Fault Description

An AR cannot establish an L2TP tunnel.

Fault Analysis

  1. On the LNS, run the debugging l2tp all command.
    <Huawei> terminal monitor
    <Huawei> terminal debugging
    <Huawei> debugging l2tp all
    <Huawei> debugging ppp all
    Jan 30 2018 18:43:14.110.1+00:00 Huawei L2TP/7/L2TDBG:
      Recv SCCRQ:
          Tunnel:1,  state:1
          From:193.109.59.5
          VPN-Index:1
    <Huawei>
    Jan 30 2018 18:43:14.110.2+00:00 Huawei L2TP/7/L2TDBG:
    L2tp CONTRL:  Check SCCRQ MSG Type 1
    <Huawei>
    Jan 30 2018 18:43:14.110.3+00:00 Huawei L2TP/7/L2TDBG:
     L2tp ERROR: Invalid Requested Host.

    The information collected from the device indicates that the incorrect L2TP configuration is caused by an invalid requested host.

  2. The analysis indicates that the interface of the destination device is configured with an IP address and is bound to a VPN instance, but the VPN instance of the source device initiating the L2TP tunnel establishment request is not specified. You need to run the allow l2tp command in the L2TP group view to configure the LNS to receive the L2TP tunnel establishment requests initiated by the device PC1 that belongs to the VPN instance internet and to use the virtual interface template virtual-template 1. Then, the fault is rectified.

Procedure

Configure the LNS to receive L2TP tunnel establishment requests initiated by the device PC1 that belongs to the VPN instance internet and to use the virtual interface template virtual-template 1.

<Huawei> system-view  
[Huawei] l2tp-group 1  
[Huawei-l2tp1] allow l2tp virtual-template 1 remote PC1 vpn-instance internet

Conclusions and Suggestions

If interfaces used by an L2TP tunnel are bound to VPN instances, the VPN instance of the device initiating an L2TP tunnel establishment request needs to be specified so that the request can be received by the destination device.

Translation
Download
Updated: 2019-05-10

Document ID: EDOC1000079719

Views: 453879

Downloads: 4311

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next