The L2TP client succeeds in dialing but cannot reach the LNS-side server because of router and client settings.

Publication Date: 2012-09-11
Issue Description
Network topology:
Server---USG5120---internet--client
The client reaches the Internet through NAT. The L2TP VPN dialed successfully and obtained the IP address 172.16.168.2/24. The IP address of the client's local area connection is 192.168.1.25.
The client cannot ping the server (192.168.0.50) or any other segment of the internal network, while the server can reach the public network.
Alarm Information
Null
Handling Process
1. On the USG5120, the user could ping the server, which showed that the routes on the USG5120 side were fine.

2. On the host, ran the command "netstat -r" and found that traffic to the server went through the local default route. Checked the client's VPN settings and found that "Access to Internet after connection success" was ticked, but there were no routes to the LNS-side internal network in the route settings. So added the route.

3. After step 2, the client could reach the LNS-side PCs (192.168.10.0/24), but still not the server (192.168.0.50).

4. Checked the routing table of the USG2100 and found an existing route to the 192.168.1.0/24 segment (the same segment as the client's local LAN, 192.168.1.25) pointing to the USG5120, so return traffic to the client was blocked. Changed the PC's local IP address, or the route on the USG5120, so that the USG5120 had a route to the client.
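The two checks made in steps 2 and 4 can be reproduced on the client side with a small route-table lookup. The script below is an added example, not part of the original case: the routing tables, the NAT router gateway 192.168.1.1 and the host 192.168.10.20 are constructed sample values, and the VPN-side routes use the client's own VPN address as gateway. It applies longest-prefix matching to show which destinations still fall to the default route (step 2) and which LNS-side prefixes collide with the client's home LAN segment (step 4).

```python
import ipaddress

# Constructed sample of the client's routing table in the state seen at step 2:
# a default route via the NAT router and the VPN interface route, but nothing
# for the LNS-side subnets. Columns: (prefix, gateway, interface).
CLIENT_ROUTES = [
    ("0.0.0.0/0",       "192.168.1.1",   "LAN"),  # default via home router (constructed)
    ("192.168.1.0/24",  "0.0.0.0",       "LAN"),  # client's own segment
    ("172.16.168.0/24", "0.0.0.0",       "VPN"),  # address obtained from the LNS
]
# Constructed sample of the LNS-side routing table at step 4: it already carries
# a route for 192.168.1.0/24, the same segment the client uses at home.
LNS_ROUTES = ["192.168.0.0/24", "192.168.10.0/24", "192.168.1.0/24"]
LNS_INTERNAL = ["192.168.0.50", "192.168.10.20"]  # hosts the client should reach

def lookup(routes, dst):
    """Longest-prefix match, as the host does when it consults the netstat -r table."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, gw, iface in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, iface)
    return best

def misrouted(routes, destinations, vpn_iface="VPN"):
    """Destinations whose winning route does not leave via the VPN interface."""
    bad = {}
    for dst in destinations:
        net, gw, iface = lookup(routes, dst)
        if iface != vpn_iface:
            bad[dst] = f"{net} via {gw} on {iface}"
    return bad

def conflicting(local_lan, lns_prefixes):
    """LNS-side prefixes that overlap the client's own LAN segment (step 4)."""
    lan = ipaddress.ip_network(local_lan)
    return [p for p in lns_prefixes if ipaddress.ip_network(p).overlaps(lan)]

def with_vpn_routes(routes, prefixes, vpn_addr="172.16.168.2"):
    """Step 2 fix: add the LNS-side subnets via the VPN interface."""
    return routes + [(p, vpn_addr, "VPN") for p in prefixes]

if __name__ == "__main__":
    print("before:", misrouted(CLIENT_ROUTES, LNS_INTERNAL))
    fixed = with_vpn_routes(CLIENT_ROUTES, ["192.168.0.0/24", "192.168.10.0/24"])
    print("after: ", misrouted(fixed, LNS_INTERNAL))
    print("conflict:", conflicting("192.168.1.0/24", LNS_ROUTES))
```

Feeding the script the real "netstat -r" entries instead of the constructed table gives the same two answers the case reached by hand: which LNS-side hosts still leave via the default route, and whether the client's LAN segment is one the LNS side already routes elsewhere.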
Root Cause
1. A packet filtering problem between the security zone of the VT port and the servers.
2. The server had no route to the client, or the client's route could not reach the LNS-side internal network.
3. A route conflict.
Suggestions
If the client cannot reach the LNS-side internal network after the VPN dials successfully, the cause is most likely a routing problem.
