5 faqs, 5 faqs -5 – Panasonic NN46240-710 User Manual

1 L2TP troubleshooting

Nortel Secure Router 8000 Series

_________ Troubleshooting - VPN

1.5 FAQs

Q: Why is the interface on the LAC side unable to ping through the loopback

interface of the LNS?

A: A possible cause is that the LAC has no route to the loopback interface of the LNS.

Q: Why is the PPP negotiation between the user and the LAC unsuccessful?

A: A possible cause is that the authentication modes configured on the user and the LAC

are different (one is PAP and the other is CHAP).

Q: Why is the PPP negotiation between the user and the LNS unsuccessful?

A: The possible causes are as follows.

- The configured address pool on the LNS end is too small or no address pool is

configured on the LNS end.

- No corresponding user is configured on the LNS end.

- The authentication of the tunnel between the LNS end and LAC does not pass.

- The authentication of the VT and the user are different.

- The IP address assigned by the LNS to the user conflicts with other addresses of the

user.

Q: The data cannot be transmitted although the connection is established. Why
does this occur?

A: The possible causes are as follows.

- Either the Forward Information Base (FIB) entry of the loopback interface on the

LNS has no decapsulation mark or the FIB entry of the user route on the LNS has no
encapsulation mark.

- Either network congestion or instability of the network quality occurs.

- The user end is configured with the IP address, but the IP address is not in the same

network segment as the VT.

Q: What are the differences between agent authentication, enforced CHAP
authentication, and LCP renegotiation?

A: The LCP renegotiation has the highest authority. That is, if you configure the LCP
renegotiation and the enforced CHAP authentication at the same time, the L2TP uses the

LCP renegotiation in the mode configured on the VT.

The enforced CHAP authentication has the secondary priority. That is, if you configure
only the enforced CHAP authentication without the LCP renegotiation, the LNS end

authenticates the user in CHAP mode. If the authentication does not pass, the session

cannot be established.

The agent authentication has the lowest authority. That is, if you do not configure the
enforced CHAP authentication or the LCP renegotiation, the LNS uses the agent

authentication. With agent authentication, the LAC transmits all authentication

information it gets from the users and the authentication mode configured on the LAC
end to the LNS. The LNS authenticates the users by the information and the

authentication mode transmitted from the LAC end.

The relationship between agent authentication and the authentication mode configured
on the VT are is follows:

- If you configure PAP authentication mode on LAC, while the authentication mode

configured on the VT on LNS is CHAP, the LAC cannot pass authentication because

the priority of CHAP on the LNS is higher.

1-18

Nortel Networks Inc.

Issue 5.3 (19 January 2009)