The following figure shows the networking. At the HQ, the customer deploys an AR2200, which uses a static IP address to access the Internet. At the two branches, the customer deploys AR150 routers, which use PPPoE dialup to access the Internet.
The branches use L2TP VPN to communicate with the HQ. When only one branch establishes a tunnel with the HQ, communication is normal.
When both branches establish tunnels with the HQ, communication with the HQ fails for both branches, even though the tunnels are set up successfully.
1. Confirm the current software version of the device, which is V200R007.
2. Collect the device route configuration. Compare the configuration in the configuration file of the HQ with that in the product documentation. The product documentation uses OSPF dynamic routing. The current configuration is as follows:
ip route-static 192.168.9.0 255.255.255.0 Virtual-Template1 preference 90
ip route-static 192.168.10.0 255.255.255.0 Virtual-Template1 preference 90
3. Based on the symptom and the configuration comparison, suspect that the issue is caused by incorrect route configuration. Confirm with route experts that the route configuration is incorrect.
4. Inform the customer that the routes are configured incorrectly and need to be corrected as follows:
ip route-static 192.168.9.0 255.255.255.0 192.168.9.1 (IP address of the peer intranet gateway of branch 1)
ip route-static 192.168.10.0 255.255.255.0 192.168.10.1 (IP address of the peer intranet gateway of branch 2)
When L2TP VPN is configured between the HQ and two branches, the same virtual tunnel interface (Virtual-Template1) is configured as the outbound interface of the static routes from the HQ to both branches. However, the next hop address of the routes is not specified correctly. As a result, the routes are unreachable.
Compare the configuration and analyze the fault based on the symptom to facilitate troubleshooting.
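The configuration comparison from this case can be automated. The following Python script is an added example, not part of the original case or of any Huawei tool: it reads saved ip route-static lines and reports every Virtual-Template interface that is the outbound interface of two or more static routes with no next hop. The function names and sample strings are assumptions built from the routes quoted above; lines that carry vpn-instance or other keywords before the destination are not handled.

```python
import re
from collections import defaultdict

# Constructed samples: the HQ routes quoted in the case, and the corrected form.
FAULTY_CONFIG = """\
ip route-static 192.168.9.0 255.255.255.0 Virtual-Template1 preference 90
ip route-static 192.168.10.0 255.255.255.0 Virtual-Template1 preference 90
"""
FIXED_CONFIG = """\
ip route-static 192.168.9.0 255.255.255.0 192.168.9.1
ip route-static 192.168.10.0 255.255.255.0 192.168.10.1
"""

IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
ROUTE = re.compile(r"^\s*ip route-static\s+(\S+)\s+(\S+)\s+(.*)$")


def parse_static_routes(config):
    """Return one dict per 'ip route-static' line: dest, mask, interface, next_hop."""
    routes = []
    for line in config.splitlines():
        m = ROUTE.match(line)
        if not m:
            continue
        dest, mask, rest = m.groups()
        route = {"dest": dest, "mask": mask, "interface": None, "next_hop": None}
        for token in rest.split():
            if token == "preference":  # options follow; stop reading targets
                break
            if IPV4.match(token):
                route["next_hop"] = token
            else:
                route["interface"] = token
        routes.append(route)
    return routes


def shared_template_routes(config):
    """Map each Virtual-Template to the destinations routed via it without a next hop."""
    by_iface = defaultdict(list)
    for r in parse_static_routes(config):
        iface = r["interface"] or ""
        if iface.startswith("Virtual-Template") and r["next_hop"] is None:
            by_iface[iface].append(r["dest"])
    # One such route is the working single-branch case; two or more is the fault.
    return {i: d for i, d in by_iface.items() if len(d) > 1}


if __name__ == "__main__":
    print("faulty:", shared_template_routes(FAULTY_CONFIG))
    print("fixed: ", shared_template_routes(FIXED_CONFIG))
```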