Re: How to see Lan after VPN tunnel is established

pwolsza_wolfik1 · ‎06-25-2010

After configuration VPN using L2TP on router users can connect to it.

But they can't connect to computers which are in the LAN after establishing the VPN tunnel.

How to do that?

Jay Young · ‎06-25-2010

Patryk,

When you mean "see Lan" are you saying that you can't browse your network or getting the NetBIOS messages. When you vpn the router puts a /32 entry in its table out the WAN interface. As a result if you are broadcasting stuff on your LAN and even if your vpn address is within that subnet, you won't see any of those broadcast packets. You should be able to ping (unicast) those computers though.

-Jay

pwolsza_wolfik1 · ‎06-26-2010

To 'see' I mean to can't ping server which is inside.

I can't ping from the contecet client to internal server even when the connection is established.

Jay Young · ‎06-28-2010

Patryk,

Without more detailed information about the issue there is not much to say, but here a few things to check:

1) The subnet mask on the ip address pool. This could be configured wrong.

2) In the L2TP config on the client do you have the "use this as a default gateway" box checked

3) When you do a ping to the internal client do you see decapsulations in the output of "show crypto ipsec sa"

4) Are you able to ping the router's inside interface?

pwolsza_wolfik1 · ‎07-02-2010

Thank you for support.

The problem was routing between 2 routers in LAN.

After configuration static routing now I can ping server.

Anyway thank's for sugestions.