Experience case: intranet resources at the remote end are unreachable after an L2TP tunnel is established

2021-04-25 Published

Network Topology

none

Problem Description

An L2TP tunnel is established, the terminal has obtained an address successfully, and the gateway can be pinged, but the terminal cannot access intranet resources at the remote end. The routing table on the router shows that routes for the two terminals have been added:

192.168.1.100/32 Direct 0 0 192.168.1.100 VA0
192.168.1.101/32 Direct 0 0 192.168.1.101 VA1

Process Analysis

There is no problem with the routing table, so check the configuration:

interface Vlan-interface1
 description con to user
 ip address 192.168.1.1 255.255.255.0
#
interface GigabitEthernet0/1
 port link-mode route
 description con to CN2
 ip address 10.230.x.242 255.255.255.252
 nat outbound 3000


Solution

interface Virtual-Template1
 ppp authentication-mode pap chap domain xxx.js
 remote address pool 1
 ip address unnumbered interface Vlan-interface1


At first glance there is nothing wrong with the configuration, but careful inspection shows that the VT (Virtual-Template) interface borrows its address from Vlan-interface1 (ip address unnumbered interface Vlan-interface1), so the VT address and the intranet are in the same subnet. Intranet hosts therefore treat the L2TP client addresses as on-link and send ARP requests for them, and the router must answer those requests on the clients' behalf. To respond to these ARP packets correctly, enable proxy ARP on the intranet interface: proxy-arp enable. After the configuration was modified, the problem was solved.
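
The check described above can be automated. The Python script below is an added example, not part of the original case or any vendor tool: it flags VA host routes that fall inside a LAN interface subnet where proxy-arp enable is missing. The function names are hypothetical, and the sample text is constructed from the configuration and route entries shown on this page.

```python
import ipaddress
import re

# Constructed sample, assembled from the config and route lines on this page.
CONFIG = """\
interface Vlan-interface1
 description con to user
 ip address 192.168.1.1 255.255.255.0
#
interface Virtual-Template1
 remote address pool 1
 ip address unnumbered interface Vlan-interface1
"""
ROUTES = """\
192.168.1.100/32 Direct 0 0 192.168.1.100 VA0
192.168.1.101/32 Direct 0 0 192.168.1.101 VA1
"""

def parse_interfaces(config):
    """Return {interface name: {"net": IPv4Network or None, "proxy_arp": bool}}."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split()[1], {"net": None, "proxy_arp": False})
        elif not line.startswith(" "):
            current = None  # "#" or any other top-level line ends the section
        elif current is not None:
            m = re.match(r"\s+ip address (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)\s*$", line)
            if m:  # numbered address only; "ip address unnumbered ..." does not match
                current["net"] = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
            elif line.strip() == "proxy-arp enable":
                current["proxy_arp"] = True
    return interfaces

def missing_proxy_arp(config, routes):
    """List (client, interface) pairs: VA /32 route inside a LAN subnet without proxy ARP."""
    findings, interfaces = [], parse_interfaces(config)
    for row in routes.splitlines():
        fields = row.split()
        if len(fields) < 6 or not fields[-1].startswith("VA") or not fields[0].endswith("/32"):
            continue  # only host routes that point at virtual-access interfaces
        client = ipaddress.ip_address(fields[0].split("/")[0])
        for name, info in interfaces.items():
            if info["net"] and client in info["net"] and not info["proxy_arp"]:
                findings.append((str(client), name))
    return findings

if __name__ == "__main__":
    print(missing_proxy_arp(CONFIG, ROUTES))
```

An empty result means every L2TP client address is either outside the LAN subnets or covered by an interface that already has proxy ARP enabled.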