Return traffic after using L2TP !

chidd
Level 1

Hello!

I'm trying to test the following topology:

Client ------ Server(win2k3) --------- (Internet)-------- VPN Server(ASA) ---------- LAN

- Server running L2TP to connect to the VPN Server (successful)

- Client can ping the LAN after the VPN tunnel is up, when I enable NAT on the Server (win2k3).

- VPN Server can ping the VPN card on the Server, but the VPN Server can't ping the Client.

This means that one-way traffic can flow from the Client to the LAN (because of NAT), but I also need traffic from the LAN to reach the Client, and that does not work.

On the ASA, I added a new route:

route outside {Network address of Client} {Netmask}   {IP Address of VPN on Server}

Does anyone have ideas to solve this problem?

Thanks

Chidd

2 Replies

Hi,

You cannot have that route on the ASA:

route outside {Network address of Client} {Netmask}   {IP Address of VPN on Server}  --> assuming "VPN on Server" is the W2k3 machine

This is because the next-hop has to be a directly connected device on the Layer 3 segment.

The W2k3 VPN server and the ASA do not share an IP subnet (they communicate across the Internet), so the route on the ASA for reaching the client has to point to the ASA's own next hop toward the Internet.

Is the traffic from the Client being NATed through the L2TP tunnel?

So the LAN behind the ASA should communicate back to the client using the client's public NATed IP, correct?

Federico.
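To make the routing point above concrete, here is an added ASA configuration sketch that is not from the thread or from either poster. All addresses are assumed RFC 5737 documentation ranges chosen for illustration: the ASA outside interface sits on 203.0.113.0/30 with the ISP gateway at 203.0.113.1, the W2k3 server's public address is 198.51.100.7, and the client network behind the W2k3 server is 192.168.10.0/24.

```cisco
! Assumed topology (not from the thread):
!   ASA outside: 203.0.113.2/30, ISP next hop: 203.0.113.1
!   W2k3 public address (L2TP endpoint): 198.51.100.7
!   Client network behind the W2k3 server: 192.168.10.0/24

! Route as written in the original post. The next hop 198.51.100.7 is only
! reachable across the Internet, so it is not on the ASA's outside segment and
! cannot be used as a static-route next hop.
! route outside 192.168.10.0 255.255.255.0 198.51.100.7

! Route that follows Federico's reasoning: the next hop must be a device on
! the ASA's directly connected outside subnet, i.e. the ISP gateway.
route outside 192.168.10.0 255.255.255.0 203.0.113.1

! A default route toward the same gateway already covers this destination,
! so in practice the specific route adds nothing.
route outside 0.0.0.0 0.0.0.0 203.0.113.1

! Verify what the ASA actually has in its routing table.
show route
```

The caveat a practitioner should keep in mind: a private destination such as 192.168.10.0/24 handed to the ISP next hop will not be delivered anywhere, which is why the reply says the ASA's LAN has to answer the client's public NATed address rather than its private one. Whether traffic for the client can instead be carried inside the L2TP tunnel is a separate question that the thread leaves open.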

Hi Federico!

Thanks for the reply. Because I added the new route "route outside {Network address of Client} {Netmask}   {IP Address of VPN on Server}", traffic from the LAN of the ASA was not forwarded to the next hop toward the Internet. The problem is that when traffic goes from the LAN to the ASA, the ASA does not forward it to the Server via the VPN tunnel; instead it is dropped. (I checked on the VPN card of the Server, but packets did not reach it when pinging the client.)

I am trying to configure a site-to-site VPN between the ASA and the Server (win2k3) so that traffic can flow both ways between the LAN of the Server and the LAN of the ASA. Hope it works.

Does anyone have ideas to solve this problem?

Thanks

Chidd