No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


L2TP VPN experiment failure

Publication Date:  2012-10-18 Views:  88 Downloads:  0
Issue Description

(1) L2TP tunnel cannot be established normally
(2) L2TP tunnel has been established successfully,but the headquarters cannot access branch host each other
(3) The headquarters host can access branch host,but branch host cannot access headquarters host
Alarm Information
Handling Process
(1) input command call-lns local-user lac in the interface virtual-Templatel 1 process;
(2) input command undo ip fast-forwarding qff in the Ethernet0/0/01 interface process;
(3) static route ip route-static virtual-Templatel 1 modify to ip route-static, the failure has disappeared,and the headquarters host can access branch host each other.
Root Cause
(1) Check the configuration we find there is no the key command in the ACL interface virtual-Templatel process,not undo the L2TP tunnel connection
(2) Check the configuration and refer correlation technology document, we find the port fast-forwarding in the inbond of LAC(USG50) trust area Ethernet0/0/01 doesn’t shutdown;
(3) After thinking carefully and many times to solve, we find there may be some problem with static route;
We must be careful to notice the detail problem; and must keep calm brain and sober when we meet failure,aim at the problem to retrieve 、analyse reason,if the time is allowed, we can check the basic configuration,ensure the validity of correlation configuration,such as if the configuration is intact、 if the interface adds area、if it undoes the firewall area packet filter、 if it shuts the port fast-forwarding of firewall internal port、if it can reach the route next hop、if the parameter configuration which is established by two ends tunnel is match each other and so on.