[NE Router-Troubleshooting] Ping from the LAC to a Server in the Same Subnet Fails

Fault Symptom

An L2TP tunnel is set up between the user PC and the router, and the router is directly attached to a server. The PC can obtain an IP address from the IP address pool on the router. The obtained IP address and that of the server are on the same network segment.

After the PC accesses the VPN, the ping from the PC to the physical interface on the router succeeds, but the ping from the PC to the server in the same subnet fails. The ping from the router to the PC and server succeeds.

Fault Analysis

1.     There is no problem with L2TP configurations because the PC obtains an IP address through L2TP dial-up and the ping from the PC to the physical interface on the router is successful.

2.     There is no problem with the route from the router to the server because the ping from the router to the server is successful. The unsuccessful ping from the PC to the server may be due to the ARP problem.

3.     Check the ARP entries on the server. The check result shows that the server has not learned the ARP entry of the PC.

The PC accesses the intranet in L2TP mode and a point-to-point connection is set up between the PC and LNS. All the traffic from the PC is forwarded by the router to the server. Receiving a ping request packet, the server finds that the source address in the packet is in the same network segment as the IP address of the server. Then, the server checks ARP entries and finds that only the interface on the router is directly connected to itself. The server does not have the ARP entry of the PC. Thus, it is impossible for the server to respond to this ping request packet.

To rectify the fault, you can enable the ARP proxy function on the router.

Procedure

1.     Run the system-view command on the router to enter the system view.

2.     Run the interface interface-type interface-number command to enter the view of the interface connected to the server.

3.     Run the arp-proxy enable command to enable the ARP proxy function on the interface.

When the configuration is complete, the ping from the PC to the server succeeds, and the fault is rectified.

4.     Run the return command to return to the user view and run the save command to save the modification.

Summary

The ARP proxy function needs to be enabled when the IP address allocated by the router to the PC in L2TP access mode is on the same subnet as the connected customer-facing interface on the LNS.