L2TP + IPSec = output crypto map check failed

Unanswered Question
May 16th, 2007
User Badges:

I had following problem. Cisco 2651 acts as LNS server for L2TP connections, LAC is WinXP. Network topology:

fa/0.901 has address adn fa0/0.900 has address . When clients from subnet connect to , everything works perfect - IPSec protected L2TP tunnel comes up. The same happens when clients from subnet connect to . But when client tries to connect to address from different network ( to and to, it does not work.

Debug output and Cisco config are attached.

I found nothing similar to my problem on Internet. Is this a bug or I missed something?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
klepikov_a Fri, 09/23/2016 - 04:10
User Badges:

First of all, since crypto map is used, it will work only on physical interface that belongs to same subnet - this is how crypto map works.

I tried to set up loopback interface and to make clients to connect to loopback's IP. That did not work too. So I ended up with clients connecting to the "closest" physical interface and with split DNS.


This Discussion