L2TP VPN client cannot access the internal network because of an address pool conflict

Publication Date: 2012-11-12
Issue Description
A PC at a remote site uses the Secoway VPN Client to establish an L2TP VPN connection directly to the USG2220 at the central site. The client dials in successfully but cannot access resources on the central network. Network topology: Intranet --- USG2220 --- Internet --- PC
Alarm Information
None.
Handling Process
1. Check the dial-up connection on the PC: it has obtained an IP address and mask.
2. Check the LNS configuration: the IP addresses in the address pool under the VT interface are in the same network segment as the internal network interface:
interface GigabitEthernet0/0/1
ip address 192.168.1.1 255.255.255.0
ip pool 192.168.150 192.168.1.254
3. Change the address pool to: ip pool 1 1.1.1.1 1.1.1.254. After the client redials, it can access the internal network resources behind the LNS.
Root Cause
The address pool configured on the LNS is in the same network segment as the internal network. This causes an IP address conflict when the client dials in, so the client cannot access the internal network behind the LNS.
Suggestions
For L2TP dial-up, make sure the LNS address pool is not in the same network segment as any segment of the internal network, to avoid address conflicts.
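
The check from the suggestion above, as an added example (not Huawei's code and not part of the original case): a Python script that reads VRP-style `ip address` and `ip pool` lines and reports every pool range that overlaps an interface's network segment. The function name and the conflicting pool range in the sample are constructed for illustration; the corrected pool is the one from step 3.

```python
import ipaddress
import re

IF_ADDR = re.compile(r"^\s*ip address (\S+) (\S+)\s*$")
POOL = re.compile(r"^\s*ip pool (\d+) (\S+) (\S+)\s*$")


def find_pool_conflicts(config: str):
    """Return (pool_id, pool_range, interface_network) for every overlap."""
    networks, pools = [], []
    for line in config.splitlines():
        if m := IF_ADDR.match(line):
            # Interface address + mask gives the directly connected segment.
            networks.append(ipaddress.ip_interface(f"{m[1]}/{m[2]}").network)
        elif m := POOL.match(line):
            start, end = ipaddress.ip_address(m[2]), ipaddress.ip_address(m[3])
            if start > end:
                raise ValueError(f"pool {m[1]}: start address is after end address")
            pools.append((int(m[1]), start, end))

    conflicts = []
    for pool_id, start, end in pools:
        for net in networks:
            # Two ranges overlap when each one starts before the other ends.
            if start <= net.broadcast_address and end >= net.network_address:
                conflicts.append((pool_id, f"{start}-{end}", str(net)))
    return conflicts


# Constructed sample: pool inside the internal interface's segment.
CONFLICTING = """
interface GigabitEthernet0/0/1
 ip address 192.168.1.1 255.255.255.0
ip pool 1 192.168.1.100 192.168.1.254
"""

# Same interface with the pool from step 3 of the handling process.
FIXED = """
interface GigabitEthernet0/0/1
 ip address 192.168.1.1 255.255.255.0
ip pool 1 1.1.1.1 1.1.1.254
"""

if __name__ == "__main__":
    for name, cfg in (("conflicting", CONFLICTING), ("fixed", FIXED)):
        hits = find_pool_conflicts(cfg)
        print(name, "->", hits if hits else "no overlap")
```

Running it against a saved copy of the LNS configuration before enabling L2TP access catches the overlap without waiting for a client to report unreachable resources.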
