
L2TP Client Fails to Access the LNS Due to Routing and Client Settings

Publication Date:  2019-01-18 Views:  313 Downloads:  0

Issue Description



After the client accesses the Internet through NAT and the L2TP VPN dial-up is successful, the IP address obtained through dial-up is, and the local IP address of the client is In this case, the client cannot ping through the server ( or other network segments of the intranet, but the server can access the Internet.

Handling Process

1. If the ping packet to the server carries the IP address of the WAN interface on the USG5120, the ping succeeds. This indicates that the route configuration on the USG5120 is correct.

2. Run the netstat -r command on the PC to view the routing table. The command output shows that packets to the LNS server are forwarded according to the local default route. Check the VPN dial-up client configuration on the local host. The option "Access the Internet after the connection is successful" is selected, but no route to the intranet of the LNS is configured in the route settings. To solve this problem, add the route to the intranet of the LNS.

3. After step 2 is performed, the PC on the LNS side can be accessed, but the server cannot be accessed.

4. Check the USG5120's routing table. It is found that a route to the destination network segment points to an intranet device connecting to the USG5120. Therefore, the route is unreachable. Inform the customer of the problem and the solution: Change the local IP address of the PC or the route of the USG5120, so that the USG5120 has a route to the client. After the customer changes the route, the client can access the server.
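The two routing checks in steps 2 and 4 can be reproduced offline with a longest-prefix-match lookup. The following Python sketch is an added example, not part of the original case or any Huawei tooling; all addresses, prefixes, and interface labels ("vpn", "vt", "intranet-router") are constructed, and which client address the gateway replies to is an assumption of the model.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: return (prefix, exit) for dst, or None if no route."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), via) for p, via in table
            if addr in ipaddress.ip_network(p)]
    if not hits:
        return None
    net, via = max(hits, key=lambda h: h[0].prefixlen)
    return str(net), via

def check_path(client_table, gw_table, server_ip, client_ip):
    """Check both directions; return a list of findings (empty means OK)."""
    findings = []
    fwd = lookup(client_table, server_ip)      # step 2: client side
    if fwd is None or fwd[1] != "vpn":
        findings.append(f"client: {server_ip} matches {fwd}, not the VPN adapter")
    ret = lookup(gw_table, client_ip)          # step 4: gateway return route
    if ret is None or ret[1] != "vt":
        findings.append(f"gateway: {client_ip} matches {ret}, not the VT interface")
    return findings

# Constructed sample data (hypothetical addresses, not from the case).
SERVER = "10.1.20.5"       # server on the LNS intranet
CLIENT = "172.16.0.10"     # client address the server replies to (assumed)

# Client with Internet access kept on the local default route and no
# route to the LNS intranet configured.
client_before = [("0.0.0.0/0", "local-gw"), ("192.168.1.0/24", "lan"),
                 ("172.16.0.0/24", "vpn")]
client_after = client_before + [("10.1.0.0/16", "vpn")]   # route added in step 2

# Gateway whose route for the client's segment points at an intranet device.
gw_before = [("0.0.0.0/0", "wan"), ("10.1.0.0/16", "lan"),
             ("172.16.0.0/24", "intranet-router")]
gw_after = [("0.0.0.0/0", "wan"), ("10.1.0.0/16", "lan"),
            ("172.16.0.0/24", "vt")]                       # route corrected in step 4

if __name__ == "__main__":
    for name, ct, gt in [("initial", client_before, gw_before),
                         ("after step 2", client_after, gw_before),
                         ("after step 4", client_after, gw_after)]:
        print(name, check_path(ct, gt, SERVER, CLIENT) or "OK")
```

Run against real tables by pasting the prefixes from netstat -r and from the gateway's routing table into the two lists.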

Root Cause

1. Packet filtering does not work well between the security zone where the VT interface resides and the security zone where the server resides.

2. The server does not have a route to the client, or the route of the client cannot reach the intranet of the LNS.

3. A route conflict occurs.


After the VPN dial-up is successful, if the intranet of the LNS cannot be accessed, the route setting is probably incorrect.