Troubleshooting L2TP access to the Layer 3 VPN, Networking environment – Panasonic NN46240-710 User Manual


Nortel Secure Router 8000 Series

Troubleshooting - VPN

1 L2TP troubleshooting

Checking the status of PPP negotiation on the LAC side

The user needs to pass the PPP authentication on the LAC end before the L2TP tunnel and
session are established. The methods are as follows:

1. If the LAC end uses local authentication, you can use the local-user user-name
password { simple | cipher } password command in the AAA mode to check that the
correct user name and password are configured on the LAC end.

2. If the LAC end uses RADIUS authentication, see the section about VAS troubleshooting
in Nortel Secure Router 8000 Series Troubleshooting - VAS (NN46240-709).

3. If access with the full user name is used, you can use the display local-user command to
check that the corresponding user is configured and that the user matches the name of
the client. If not, modify the user name of either end. Use the start l2tp ip ip-address
fullusername user-name command to modify the user name on the LAC end.

4. If access with the domain name is used, check that the postfix of the domain name
matches the domain name of the end user, and check whether the list separator of the domain
name postfix corresponding with the end user is configured. If they do not match, modify
the postfix of the domain name with the start l2tp ip ip-address domain domain-name
command. If no list separator of the domain name postfix exists, use the l2tp domain
suffix-separator command to configure it.

5. Check whether the PPP authentication mode configured on the user interface on the LAC
end is consistent with that on the LNS side. The command for PPP authentication is ppp
authentication { pap | chap }.

6. Check whether the authentication mode on the LAC end is consistent with that on the
user end. If not, modify the authentication mode on one end. For example, the default
authentication mode of the VPN connection created by Windows 2000 is MSCHAP. If
the LAC does not support MSCHAP, change the mode to CHAP.

If the preceding configurations are correct, the user can pass the authentication on the LAC
end. If you still cannot resolve the L2TP faults, contact Nortel technical support.
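
The name and authentication-mode checks in steps 3 to 6 can be run offline against a saved copy of the LAC configuration. The following is an added example, not part of the Nortel manual: the function names, the sample addresses and user names, and the "@" argument to l2tp domain suffix-separator are assumptions, and only the command forms quoted in the steps are parsed.

```python
import re

# Constructed LAC configuration lines, using only the command forms quoted in
# the steps above. Addresses, names and the "@" separator value are assumptions.
SAMPLE_LAC_CONFIG = """\
l2tp domain suffix-separator @
start l2tp ip 192.0.2.10 domain 263.net
start l2tp ip 192.0.2.20 fullusername pc2@163.net
ppp authentication chap
"""

def _values(pattern, config):
    """Collect the argument of every config line matching the pattern."""
    return [v.lower() for v in re.findall(pattern, config, re.M)]

def check_lac(config, client_user, client_auth, lns_auth):
    """Return mismatches for steps 3 to 6; an empty list means consistent."""
    findings = []
    user = client_user.lower()
    fullnames = _values(r"^start l2tp ip \S+ fullusername (\S+)$", config)
    domains = _values(r"^start l2tp ip \S+ domain (\S+)$", config)
    seps = _values(r"^l2tp domain suffix-separator (\S+)$", config)
    lac_auth = (_values(r"^ppp authentication (pap|chap)$", config) or [None])[0]

    if user not in fullnames:                      # step 3 failed, try step 4
        if not seps:
            findings.append("step 4: no domain suffix separator configured")
        else:
            suffixes = [user.rsplit(s, 1)[1] for s in seps if s in user]
            if not any(sfx in domains for sfx in suffixes):
                findings.append(f"step 3/4: {client_user} matches no "
                                "fullusername or domain entry")
    if lac_auth != lns_auth.lower():               # step 5: LAC vs LNS
        findings.append(f"step 5: LAC uses {lac_auth}, LNS uses {lns_auth}")
    if lac_auth != client_auth.lower():            # step 6: LAC vs client
        findings.append(f"step 6: client uses {client_auth}, LAC uses {lac_auth}")
    return findings

if __name__ == "__main__":
    # Client left at MSCHAP while the LAC expects CHAP (the case in step 6).
    for line in check_lac(SAMPLE_LAC_CONFIG, "pc1@263.net", "mschap", "chap"):
        print(line)
```

An empty result means the user name and authentication settings agree on all three ends; each finding names the step to revisit.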

1.3 Troubleshooting L2TP access to the Layer 3 VPN

This section describes the following topics:

Networking environment

Configuration notes

Diagnostic flowchart

Troubleshooting procedure

1.3.1 Networking environment

If many enterprises use one LNS and users of an enterprise need to communicate with their
own headquarters, but the network address is a private IP address, for example 10.8.0.0, the
users cannot access the internal server of the enterprise through the Internet. To enable users
to access the internal network of the enterprise, you can establish a VPN that supports
multiple instances.

As shown in Figure 1-5, the domain name of headquarters of the 01 enterprise is 263.net and
PC1 is the user of the enterprise. The domain name of headquarters of the 02 enterprise is
163.net and PC2 is the user of the enterprise.

Issue 5.3 (19 January 2009)

Nortel Networks Inc.
