VPN users can't access network on L2L tunnel

Answered Question

We have a VPN concentrator that has a L2L connection that connects our office with another location. We also have users connect into our office using the Cisco client. There has recently been a need for the users to VPN and access a network on the L2L tunnel but they can't access it. I'm having problems wrapping my head around what I need to do to allow this. Since they are both terminating at the concentrator it seems that the concentrator should know how to handle the traffic.

I have this problem too.
0 votes
Correct Answer by ajagadee about 8 years 2 days ago

Hi,

Have you included the VPN Pool of IP Addresses in the Lan to Lan Tunnel Interesting Traffic. Also, make sure that the remote site IPSEC ACL's and routing are updated after you make the changes on your side.

Regards,

Arul

*Pls rate if it helps*

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (3 ratings)
Loading.
Correct Answer
ajagadee Tue, 12/09/2008 - 07:54

Hi,

Have you included the VPN Pool of IP Addresses in the Lan to Lan Tunnel Interesting Traffic. Also, make sure that the remote site IPSEC ACL's and routing are updated after you make the changes on your side.

Regards,

Arul

*Pls rate if it helps*

John Blakley Tue, 12/09/2008 - 12:06

Let's say that your VPN users get:

192.168.100.0

And

your L2L users are on the:

10.10.10.0

You will need to configure your group policy for the dial-in users to be able to access the 10.10.10.0 network. If they tunnel everything, this won't be a problem. Now, you will need to change the ACL on the other end of the L2L tunnel, and allow them to get to the 10.10.10.0 network. What I suspect is happening is that the VPN clients are getting to the L2L side, but the traffic is dropping because the L2L side doesn't know how to get back to your VPN client.

You'll need to change the ACL on the client end of the L2L tunnel and the tunnel policy that the concentrator uses to allow the VPN clients range.

HTH,

John

Actions

This Discussion