VPN users can't access network on L2L tunnel

We have a VPN concentrator that has an L2L connection that connects our office with another location. We also have users connect into our office using the Cisco client. There has recently been a need for the users to VPN and access a network on the L2L tunnel, but they can't access it. I'm having problems wrapping my head around what I need to do to allow this. Since they are both terminating at the concentrator, it seems that the concentrator should know how to handle the traffic.

Accepted Solutions
Cisco Employee

Re: VPN users can't access network on L2L tunnel

Hi,

Have you included the VPN pool of IP addresses in the LAN-to-LAN tunnel interesting traffic? Also, make sure that the remote site IPsec ACLs and routing are updated after you make the changes on your side.

Regards,

Arul

*Pls rate if it helps*

3 REPLIES

Re: VPN users can't access network on L2L tunnel

Basically, AFAIK the concentrator will not allow VPN clients to access the L2L network unless specifically configured. There is a solution on PIX/ASA called "hair-pinning". Not sure if you can do this in a concentrator.

HTH

Re: VPN users can't access network on L2L tunnel

Let's say that your VPN users get:

192.168.100.0

And your L2L users are on the:

10.10.10.0

You will need to configure your group policy for the dial-in users to be able to access the 10.10.10.0 network. If they tunnel everything, this won't be a problem. Now, you will need to change the ACL on the other end of the L2L tunnel, and allow them to get to the 10.10.10.0 network. What I suspect is happening is that the VPN clients are getting to the L2L side, but the traffic is dropping because the L2L side doesn't know how to get back to your VPN client.

You'll need to change the ACL on the client end of the L2L tunnel and the tunnel policy that the concentrator uses to allow the VPN clients range.

HTH,

John
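
The checks described in the replies above, as an added example that is not part of the original thread: it tests whether the VPN pool is covered by the interesting traffic on both ends of the L2L tunnel and by the client group policy. The /24 masks, the office LAN 172.16.1.0/24 and the function names are assumptions made for illustration.

```python
from ipaddress import ip_network

def covers(selectors, src, dst):
    """True if any (source, destination) selector contains the whole flow."""
    src, dst = ip_network(src), ip_network(dst)
    return any(src.subnet_of(ip_network(s)) and dst.subnet_of(ip_network(d))
               for s, d in selectors)

def hairpin_gaps(pool, remote_net, local_l2l, remote_l2l, split_tunnel=None):
    """List what is missing for VPN clients in `pool` to reach `remote_net`.

    local_l2l / remote_l2l: (source, destination) pairs each end treats as
    interesting traffic for the L2L tunnel, written from that end's view.
    split_tunnel: networks tunnelled by the client, None = tunnel everything.
    """
    gaps = []
    if split_tunnel is not None and not any(
            ip_network(remote_net).subnet_of(ip_network(n)) for n in split_tunnel):
        gaps.append("client group policy does not tunnel " + remote_net)
    if not covers(local_l2l, pool, remote_net):
        gaps.append("local L2L interesting traffic lacks %s -> %s"
                    % (pool, remote_net))
    if not covers(remote_l2l, remote_net, pool):
        gaps.append("remote L2L ACL lacks return path %s -> %s"
                    % (remote_net, pool))
    return gaps

# Constructed sample data; masks and the office LAN are assumed.
POOL, REMOTE, OFFICE = "192.168.100.0/24", "10.10.10.0/24", "172.16.1.0/24"

# Tunnel as originally built: office LAN <-> remote LAN only.
BEFORE_LOCAL = [(OFFICE, REMOTE)]
BEFORE_REMOTE = [(REMOTE, OFFICE)]

# After adding the VPN pool on both ends, mirrored.
AFTER_LOCAL = BEFORE_LOCAL + [(POOL, REMOTE)]
AFTER_REMOTE = BEFORE_REMOTE + [(REMOTE, POOL)]

if __name__ == "__main__":
    for gap in hairpin_gaps(POOL, REMOTE, BEFORE_LOCAL, BEFORE_REMOTE, [OFFICE]):
        print("MISSING:", gap)
    print("after fix:",
          hairpin_gaps(POOL, REMOTE, AFTER_LOCAL, AFTER_REMOTE, [OFFICE, REMOTE]))
```

A one-sided change shows up as exactly one remaining gap, which matches the symptom described above where client traffic reaches the far side but nothing comes back.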
