Panasonic NN46240-710 User Manual

1 L2TP troubleshooting

Nortel Secure Router 8000 Series

_________ Troubleshooting - VPN

3.

Check whether the tunnel authentication and the password are correctly configured on

the LAC and LNS ends. The request for the tunnel authentication can be initiated from

either the LAC or the LNS. If one end starts the tunnel authentication, the tunnel can be
established only when the remote end also starts the tunnel authentication and the

passwords of both ends are consistent. Run the display this command in the L2TP group
view on the LAC and LNS sides to check if the passwords of the tunnels are consistent.
If one end is configured with the tunnel authentication but the passwords on both ends

are inconsistent, use the tunnel password { simple | cipher } password command to
configure the passwords.

4.

Check whether the correct virtual template (VT) is bound on the LNS side.

5.

If one end is forcibly disconnected, while the remote end does not receive the Disconnect

packet, the tunnel between the two ends cannot be connected. This is because the remote

end requires a period of time to test the disconnection of the link.

6.

LNS does not accept the request for the connection of the tunnel from the LACs that

have the same IP addresses. If the two LACs simultaneously send the request for the

connection of the tunnel, the tunnel cannot be established.

Checking the state of PPP negotiation on the LNS side

1.

Check that LCP renegotiation or forced CHAP authentication is configured.

Run the display this command in the L2TP group view to check if LCP renegotiation or

forced CHAP authentication is configured. When the device is connected with the LAC

equipment of other companies, the user authentication on the LNS uses the LCP

renegotiation. You can configure the LAC device according to actual requirements.

After you configure LCP renegotiation on the LNS side, you must configure PPP

authentication on the corresponding virtual interface template. Otherwise, the user cannot

pass the authentication.

2.

Check that the LNS configures the corresponding user name and the password.

The two cases are as follows:

-

For local authentication, check whether the correct user name and password are

configured in the AAA view. If they are incorrect, configure them by using the
local-user user-name password { simple | cipher } password command.

- For RADIUS authentication, see the section about VAS troubleshooting in Nortel

Secure Router 8000 Series Troubleshooting - VAS (NN46240-709).

3.

Use the display ip pool command to check whether the address pool is small or no

address pool is configured.

4.

Use the display this command in the VT view to check whether the authentication type
is consistent with that of the LAC.

Checking that the LAC can ping through the loopback interface of the LNS

1.

2.

Ping the loopback interface from the LAC. If you can ping through the loopback
interface, a reachable route between the LAC and LNS exists. If not, check whether the

static route of the loopback interface on the LNS has been configured by the display ip
routing-table command.

If a static route exists, you can use the display this command in the L2TP group view on

the LNS side to check that the L2TP group binds the loopback interface. If no loopback

interface is bound, use the tunnel destination loopback command to bind it.

1-10

Nortel Networks Inc.

Issue 5.3 (19 January 2009)