Issue Description
![]()
L2TP over IPSec is configured on the USG5320, and the AR1220's IP address 218.8.213.146 is mapped to the USG5320's IP address 192.168.100.2. A PC fails to perform a dialup operation through L2TP over IPSec, but can perform a dialup operation through L2TP.
Handling Process
1. Check the L2TP session on the USG5320.
udp VPN:public --> public
Zone: untrust--> untrust TTL: 00:02:00 Left: 00:01:26
Interface: Ethernet0/0/0 NextHop: 192.168.100.1 MAC: 00-00-00-00-00-00
<--packets:0 bytes:0 -->packets:12 bytes:1474
192.168.253.10:45094-->218.8.213.146:1701
The destination IP address is the AR's public IP address.
2. Change the L2TP network server (LNS) IP address to the USG5320's IP address 192.168.100.2 on the VPN client.
Check the L2TP session on the USG5320 again.
udp VPN:public --> public
Zone: untrust--> local TTL: 00:02:00 Left: 00:02:00
Interface: InLoopBack0 NextHop: 127.0.0.1 MAC: 00-00-00-00-00-00
<--packets:20 bytes:1247 -->packets:17 bytes:1048
192.168.253.10:18983-->192.168.100.2:1701
The dialup operation succeeds.
Root Cause
1. Route fault
2. Other faults
Suggestions
When address mapping is configured in the L2TP over IPSec scenario, pay attention to the L2TP LNS IP address configuration.
