none
L2TP tunnel is established, the address has been obtained successfully, and the gateway can also be pinged, but the terminal can not access the intranet resources of the opposite end. Checking the routing table on the router, it is found that the routes of two terminal have been added.
192.168.1.100/32 Direct 0 0 192.168.1.100 VA0
192.168.1.101/32 Direct 0 0 192.168.1.101 VA1
There is no problem with the routing table, so check the configuration
#
interface Vlan-interface1
description con to user
ip address 192.168.1.1 255.255.255.0
#
interface GigabitEthernet0/1
port link-mode route
description con to CN2
ip address 10.230.x.242 255.255.255.252
nat outbound 3000
#
interface Virtual-Template1
ppp authentication-mode pap chap domain xxx.js
remote address pool 1
ip address unnumbered interface Vlan-interface1
At first glance, there is nothing wrong with the configuration, but after careful inspection, it is found that the address of the VT template inherits vlan-int 1, that is, the address of the VT and the intranet are in the same subnet. In this case, in order to respond to ARP packet correctly, you need to open the ARP proxy: proxy-arp enable in the intranet port. After modifying the configuration,problem solved.
No comments
✖
案例意见反馈
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作