Dialup Through L2TP over IPSec on USG5320 Fails

L2TP over IPSec is configured on the USG5320, and the AR1220's IP address 218.8.213.146 is mapped to the USG5320's IP address 192.168.100.2. A PC fails to perform a dialup operation through L2TP over IPSec, but can perform a dialup operation through L2TP.

None

1. Check the L2TP session on the USG5320.
udp  VPN:public --> public
  Zone: untrust--> untrust  TTL: 00:02:00  Left: 00:01:26
  Interface: Ethernet0/0/0  NextHop: 192.168.100.1  MAC: 00-00-00-00-00-00
  <--packets:0 bytes:0   -->packets:12 bytes:1474
  192.168.253.10:45094-->218.8.213.146:1701
The destination IP address is the AR's public IP address.
2. Change the L2TP network server (LNS) IP address to the USG5320's IP address 192.168.100.2 on the VPN client.
Check the L2TP session on the USG5320 again.
udp  VPN:public --> public
  Zone: untrust--> local  TTL: 00:02:00  Left: 00:02:00
  Interface: InLoopBack0  NextHop: 127.0.0.1  MAC: 00-00-00-00-00-00
  <--packets:20 bytes:1247   -->packets:17 bytes:1048
  192.168.253.10:18983-->192.168.100.2:1701
The dialup operation succeeds.

1. Route fault
2. Other faults

When address mapping is configured in the L2TP over IPSec scenario, pay attention to the L2TP LNS IP address configuration.