L2TP + IPSec = output crypto map check failed

Unanswered Question
May 16th, 2007

I had the following problem. A Cisco 2651 acts as the LNS server for L2TP connections; the LAC is WinXP. Network topology:

10.1.1.0/24---fa0/0.901(Cisco)fa0/0.900---10.0.0.0/24

fa0/0.901 has address 10.1.1.1 and fa0/0.900 has address 10.0.0.254. When clients from subnet 10.1.1.1/24 connect to 10.1.1.1, everything works perfectly: the IPSec-protected L2TP tunnel comes up. The same happens when clients from subnet 10.0.0.0/24 connect to 10.0.0.254. But when a client tries to connect to an address from a different network (10.1.1.0/24 to 10.0.0.254 and 10.0.0.0/24 to 10.1.1.1), it does not work.

Debug output and Cisco config are attached.

I found nothing similar to my problem on the Internet. Is this a bug, or did I miss something?

klepikov_a Fri, 09/23/2016 - 04:10

First of all, since a crypto map is used, it will work only on the physical interface that belongs to the same subnet - this is how a crypto map works.

I tried to set up a loopback interface and to make clients connect to the loopback's IP. That did not work either. So I ended up with clients connecting to the "closest" physical interface and with split DNS.
