Configured “L2TP OVER IPSEC” on USG2100, the far end customers use VPN Client establish VPN with USG, but can only reach the third step when dial the VPN: the second phase established successfully, on the fourth step it prompts tunnel saturation overtime, the establishment of VPN fails.
1, check L2TP configuration, no problem, use VPN Client dial the L2TP successful.
2, check the IPSEC configuration, no problem. In VPN Client connection, IKE’s two stages are able to build.
3, check the routing, far end user's actual IP is the 192.168.0.0 segment, and in the USG has the following routing:
IP route - static 192.168.0.0 255.255.0.0 10.10.10.10
Address 10.10.10.10 is not the export’s routing address, USG connected another network segment, we should cancel the routing, or point the 192.168.168.0.0 segment routing to the external network, use VPN Client dial the VPN again, connected successfully, problem solving.
1, configuration problem.
2, routing problem.
3, other problems.