This section describes L2TP VPN troubleshooting.
Prerequisites
The configurations of the LNS are verified based on mobile user configurations. It is assumed that the mobile user configurations are correct.
Procedure
1. Check whether the PC of the mobile user can connect to the LNS.
   - If yes, go to 2.
   - If no, go to 4.
2. Check whether the PC of the mobile user can access the server at the headquarters.
   - If yes, the process ends.
   - If no, go to 3.
3. The L2TP connection is established successfully, but the mobile user cannot access the intranet.
   a. Run the display zone command to check whether the VT interface is added to a security zone.
      - If yes, go to 3.b.
      - If no, run the add interface Virtual-Template template-number command to add the VT interface to a security zone.
   b. Check whether an interzone security policy is configured.
      - If yes, the route configuration may be incorrect, or another exception may have occurred.
      - If no, configure an interzone security policy. For details, see Security Policy.
4. The L2TP connection fails to be established.
   a. Check whether the PC of the mobile user can ping the LNS.
      - If yes, go to 4.b.
      - If no, ensure that the route configuration is correct.
   b. Check whether the tunnel authentication parameters on the LNS and the PC of the mobile user are consistent.
      - If yes, disable tunnel authentication on both ends and go to 4.c.
      - If yes, enable tunnel authentication on both ends, set the same tunnel authentication password for both ends, and go to 4.c.
      - If no, disable or enable tunnel authentication on both ends. If tunnel authentication must be enabled on both ends, set the same tunnel authentication password for both ends.
   c. Check whether the tunnel name configured on the PC of the mobile user is the same as the peer tunnel name configured for the L2TP group.
      Run the display current-configuration configuration l2tp command to check whether the tunnel name configured on the PC of the mobile user is the same as the peer tunnel name configured for the L2TP group.
      - If yes, go to 4.d.
      - If no, ensure that the tunnel name configured on the PC of the mobile user is the same as the peer tunnel name configured for the L2TP group.
   d. Check whether the PPP authentication modes on the PC of the mobile user and the LNS are consistent.
      - If yes, go to 4.e.
      - If no, reconfigure the PPP authentication mode to ensure that the PC of the mobile user and the LNS have the same PPP authentication mode.
   e. Check whether the address pool referenced by the domain where the mobile user resides is consistent with that referenced by the corresponding virtual template.
      - If yes, the process ends.
      - If no, run the remote { service-scheme service-scheme | address ip-address } command in the virtual template view to modify the address pool referenced by the virtual template.