06-16-2010 07:20 AM
client vpdn(Windows XP) ------------------881(server vpdn and client EZvpn)----------------------------------ASA(server EZvpn) ----(LAN ASA)
|
(LAN 881)
all it's working only client can't ping subnet behind ASA(LAN ASA).
client vpdn can ping LAN 881 and even LAN 881 can ping LAN ASA.
Who know why can I ping any host in LAN ASA?
What I did see the counter_encrypt (EZvpn) on 881 don't increment.
06-16-2010 08:23 AM
Tomek,
Can you please re-phrase exactly what is not working?
Also what and where have you checked.
Marcin
06-18-2010 02:28 AM
I have got EZVPN between branch and central. When I connected to branch router over L2TP(router in the branch is the server L2TPoverIPSec) I can't ping any host behind server EZVPN. The ping should be routed from Virtual-Access(L2TP) to EZVPN but it is not working. Both L2TPoIPSec and EZVPN are terminating on the same physical interface(public address). If I try ping from LAN branch to LAN central over EZVPN ping is working.When I changed EZVPN to native IPSec (static crypto map) it's not working too.
06-18-2010 03:01 AM
Tomek,
You mentioned traffic not hitting the crypto (no encapsulation increasing, but I don't know where).
I would start by checking rouintg, but I'm also curious how you specified that clients from L2tp over Ipsec tunnels should be included in the Ezvpn tunnel.
High level overview I think it would make sense to try DVTI solution on the EZVPN client (and most likely the server):
07-02-2010 02:52 AM
I am terminate L2TP on ruter and th
ere is decryption IPSec then this traffic should
be forwarded to IPSec LAN-to-LAN but I dont see any traffic.
I did test:
I assigned PBR to virtual-template(L2TP) and all traffic from L2TP direct to loopback.
Next I executed "show int loopback1" but I can't see any traffic from connected client who pinged some address.
I changed EZVPN on static crypto map and encapsulation GRE (int Tunnel) it works fine.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: