
L2TP + IPSec = output crypto map check failed

klepikov_a
Level 1

I had the following problem. A Cisco 2651 acts as the LNS server for L2TP connections; the LAC is WinXP. Network topology:

10.1.1.0/24---fa0/0.901(Cisco)fa0/0.900---10.0.0.0/24

fa0/0.901 has address 10.1.1.1 and fa0/0.900 has address 10.0.0.254. When clients from subnet 10.1.1.1/24 connect to 10.1.1.1, everything works perfectly: the IPSec-protected L2TP tunnel comes up. The same happens when clients from subnet 10.0.0.0/24 connect to 10.0.0.254. But when a client tries to connect to an address from a different network (10.1.1.0/24 to 10.0.0.254 and 10.0.0.0/24 to 10.1.1.1), it does not work.

Debug output and Cisco config are attached.

I found nothing similar to my problem on the Internet. Is this a bug, or did I miss something?

2 Replies

I am also facing this issue. How did you solve it?

First of all, since a crypto map is used, it will work only on the physical interface that belongs to the same subnet - this is how a crypto map works.

I tried to set up a loopback interface and to make clients connect to the loopback's IP. That did not work either. So I ended up with clients connecting to the "closest" physical interface and with split DNS.