Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

L2TP + IPSec = output crypto map check failed

I had following problem. Cisco 2651 acts as LNS server for L2TP connections, LAC is WinXP. Network topology:

10.1.1.0/24---fa0/0.901(Cisco)fa0/0.900---10.0.0.0/24

fa/0.901 has address 10.1.1.1 adn fa0/0.900 has address 10.0.0.254 . When clients from subnet 10.1.1.1/24 connect to 10.1.1.1 , everything works perfect - IPSec protected L2TP tunnel comes up. The same happens when clients from subnet 10.0.0.0/24 connect to 10.0.0.254 . But when client tries to connect to address from different network (10.1.1.0/24 to 10.0.0.254 and 10.0.0.0/24 to 10.1.1.1), it does not work.

Debug output and Cisco config are attached.

I found nothing similar to my problem on Internet. Is this a bug or I missed something?

2 REPLIES
New Member

I am also facing this issue.

I am also facing this issue. how did you solved it?

New Member

First of all, since crypto

First of all, since crypto map is used, it will work only on physical interface that belongs to same subnet - this is how crypto map works.

I tried to set up loopback interface and to make clients to connect to loopback's IP. That did not work too. So I ended up with clients connecting to the "closest" physical interface and with split DNS.

627
Views
0
Helpful
2
Replies