How to route traffic from VPDN client (PPTP) to EZVPN server on the c881

Tomasz Tuzimek
Level 1

client vpdn(Windows XP) ------------------881(server vpdn and client EZvpn)----------------------------------ASA(server EZvpn) ----(LAN ASA)

                                                                      |

                                                                 (LAN 881)

It's all working; only the client can't ping the subnet behind the ASA (LAN ASA).

The VPDN client can ping LAN 881, and even LAN 881 can ping LAN ASA.

Who knows why can I ping any host in LAN ASA?

What I did see: the counter_encrypt (EZvpn) on the 881 doesn't increment.

4 Replies

Marcin Latosiewicz
Cisco Employee

Tomek,

Can you please re-phrase exactly what is not working?

Also, what and where have you checked?

Marcin

I have got EZVPN between branch and central. When I connect to the branch router over L2TP (the router in the branch is the L2TPoverIPSec server), I can't ping any host behind the EZVPN server. The ping should be routed from Virtual-Access (L2TP) to EZVPN, but it is not working. Both L2TPoIPSec and EZVPN are terminating on the same physical interface (public address). If I try to ping from LAN branch to LAN central over EZVPN, the ping is working. When I changed EZVPN to native IPSec (static crypto map), it's not working either.

Tomek,

You mentioned traffic not hitting the crypto (no encapsulation increasing, but I don't know where).

I would start by checking routing, but I'm also curious how you specified that clients from L2TP over IPsec tunnels should be included in the EZVPN tunnel.

As a high-level overview, I think it would make sense to try a DVTI solution on the EZVPN client (and most likely the server):

http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/sec_ipsec_virt_tunnl.html

I am terminating L2TP on the router and there is IPSec decryption; then this traffic should be forwarded to IPSec LAN-to-LAN, but I don't see any traffic.

I did a test:

I assigned PBR to the virtual-template (L2TP) and directed all traffic from L2TP to loopback.

Next I executed "show int loopback1", but I can't see any traffic from the connected client who pinged some address.

I changed EZVPN to a static crypto map and GRE encapsulation (int Tunnel), and it works fine.
