11-18-2018 10:32 AM - edited 03-05-2019 11:03 AM
Hi,
I am trying to provide remote VPN access to the office via L2TP/IPSec with the embedded Windows client. The tunnel is set up successfully, but I cannot reach the remote network. No ping of remote hosts. It seems like there is no routing between the Virtual-Access and LAN interfaces.
sh run:
!
multilink bundle-name authenticated
vpdn enable
!
vpdn-group L2TP
 ! Default L2TP VPDN group
 description VPDN_L2TP_GROUP
 accept-dialin
  protocol l2tp
  virtual-template 1
 no l2tp tunnel authentication
 ip pmtu
 ip mtu adjust
license accept end user agreement
license boot level appxk9
license boot level uck9
license boot level securityk9
file privilege 0
diagnostic bootup level minimal
spanning-tree extend system-id
!
crypto keyring KEYRING_L2TP
 pre-shared-key address 0.0.0.0 0.0.0.0 key <key>
!
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp policy 2
 encr aes
 authentication pre-share
 group 2
!
crypto isakmp profile L2TP
 keyring KEYRING_L2TP
 match identity address 0.0.0.0
!
!
crypto ipsec transform-set L2TP_TSET1 esp-aes 256 esp-sha-hmac
 mode transport
crypto ipsec transform-set L2TP_TSET2 esp-aes esp-sha-hmac
 mode transport
crypto ipsec transform-set L2TP_TSET3 esp-3des esp-sha-hmac
 mode transport
!
!
!
crypto dynamic-map L2TP_DMAP 1000
 set transform-set L2TP_TSET1 L2TP_TSET2
 set isakmp-profile L2TP
 set nat demux
 reverse-route
!
!
crypto map CRYPTO_MAP 100 ipsec-isakmp dynamic L2TP_DMAP
!
interface Loopback0
 ip address 192.168.168.1 255.255.255.0
!
interface GigabitEthernet0/0/0
 description -=WAN=-
 ip address X.X.X.250 255.255.255.248
 no ip redirects
 negotiation auto
 no cdp enable
 crypto map CRYPTO_MAP
 ip virtual-reassembly
!
interface GigabitEthernet0/0/1
 description -=LAN=-
 ip address 192.168.8.11 255.255.255.0
 negotiation auto
!
interface GigabitEthernet0/0/2
 no ip address
 shutdown
 negotiation auto
!
interface Service-Engine0/4/0
!
interface GigabitEthernet0
 vrf forwarding Mgmt-intf
 ip address 192.168.8.4 255.255.255.0
 negotiation auto
!
interface Virtual-Template1
 description L2TP_VIF
 ip unnumbered Loopback0
 peer default ip address pool L2TP_ADDR_POOL
 keepalive 5
 ppp authentication ms-chap-v2
 ppp ipcp dns 192.168.8.33
 ip virtual-reassembly
!
interface Virtual-Access2
 mtu 1460
!
ip local pool L2TP_ADDR_POOL 192.168.168.10 192.168.168.100
ip default-gateway X.X.X.249
ip forward-protocol nd
!
ip route 0.0.0.0 0.0.0.0 X.X.X.249
Where did I go wrong?
I'd appreciate your help. Thank you in advance!