As shown in the following figure, the AR functions as the enterprise egress router, and the branch and headquarters establish an L2TP tunnel. Users on outbound interface GE1/0/0 connect to the network through PPPoE dialup.
The private network user (PC1) can successfully connect to the network through L2TP dialup. When the public network user (PC2) performs L2TP dialup (packets from PC2 to the LAC are forwarded through GE1/0/0), error 800 is displayed. Log in to the AR to collect L2TP debugging information. There is no L2TP debugging information on the AR.
1. PC1 can successfully connect to the network through L2TP dialup, indicating that the L2TP configuration is correct.
2. Check the public network interface configuration. There is one UDP port mapping.
interface Dialer1 (The dialup configuration is omitted.)
nat server protocol tcp global interface Dialer 1 www inside a.a.a.a www
nat server protocol tcp global interface Dialer 1 pop3 inside b.b.b.b pop3
nat server protocol tcp global interface Dialer 1 smtp inside c.c.c.c smtp
nat server protocol tcp global interface Dialer 1 ftp inside d.d.d.d ftp
nat server protocol udp global interface Dialer 1 any inside e.e.e.e any
nat outbound 2001
The L2TP tunnel uses UDP port 1701, and the NAT server configuration maps all UDP ports to the private network. When PC2 initiates L2TP dialup to the LNS, the packets reaching GE1/0/0 of the LAC match the NAT server mapping entry, so the LAC maps the packets to the private network. As a result, the packets cannot reach the LNS and PC2 fails to perform L2TP dialup. The fault is rectified after the following configuration is deleted:
nat server protocol udp global interface Dialer 1 any inside f.f.f.f any
The AR is configured with port mapping, so packets from the public network are mapped to other network devices.
The common troubleshooting procedure for an L2TP dialup failure is as follows:
1. Check the L2TP configuration.
2. If the L2TP configuration is correct, run the debugging ppp all and debugging l2tp all commands to collect debugging information for fault location.
3. If debugging information cannot be collected, check whether the packets reach the LNS, are rejected by the LNS, or are forwarded to other network devices.
4. When port mapping is configured on the NAT server, consider service features, especially L2TP and Telnet, to prevent service exceptions or interruptions.
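The check in step 4 can be run against a saved configuration before a mapping is committed. The following is an added example, not part of the original case or any vendor tool: it parses nat server lines of the form shown above and reports entries whose global port covers UDP 1701 (L2TP) or TCP 23 (Telnet). The function names, the service table and the sample configuration with 10.1.1.x addresses are assumptions constructed for illustration.

```python
import re

# Services the router terminates itself (the two named in this case).
LOCAL_SERVICES = {"L2TP": ("udp", 1701), "Telnet": ("tcp", 23)}
# Port keywords that appear in the configuration on this page.
PORT_NAMES = {"www": 80, "pop3": 110, "smtp": 25, "ftp": 21}

NAT_SERVER = re.compile(
    r"^\s*nat server protocol (tcp|udp) global interface (.+?) "
    r"(\S+) inside (\S+) (\S+)\s*$"
)

def resolve_port(token):
    """Return None for 'any' (all ports), otherwise the numeric port."""
    if token == "any":
        return None
    if token.isdigit():
        return int(token)
    if token.lower() not in PORT_NAMES:
        raise ValueError(f"unknown port keyword: {token}")
    return PORT_NAMES[token.lower()]

def audit_nat_servers(config_text):
    """List (line number, shadowed service, inside address) for risky mappings."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = NAT_SERVER.match(line)
        if not m:
            continue
        proto, _iface, global_port, inside_ip, _inside_port = m.groups()
        port = resolve_port(global_port)
        for name, (svc_proto, svc_port) in LOCAL_SERVICES.items():
            # 'any' (None) captures every port of that protocol, 1701 included.
            if proto == svc_proto and port in (None, svc_port):
                findings.append((lineno, name, inside_ip))
    return findings

# Constructed sample configuration (addresses are placeholders).
SAMPLE = """\
interface Dialer1
 nat server protocol tcp global interface Dialer 1 www inside 10.1.1.10 www
 nat server protocol udp global interface Dialer 1 any inside 10.1.1.20 any
 nat server protocol tcp global interface Dialer 1 23 inside 10.1.1.30 23
 nat outbound 2001
"""

if __name__ == "__main__":
    for lineno, svc, ip in audit_nat_servers(SAMPLE):
        print(f"line {lineno}: {svc} packets sent to the router are mapped to {ip}")
```
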