Accessing the Internet through the headquarters network after dialing in to the company with L2TP

Publication Date: 2012-09-10
Issue Description
A user connects to the Internet through CGMD-China Railwaycom, dials in to company headquarters with L2TP, and then accesses the Internet through the headquarters network. After dialing in, the customer could access internal network resources at headquarters but could not access external networks normally.
Alarm Information
NULL
Handling Process
1. Check whether the customer can access headquarters resources after dialing in: yes.
2. Check whether all data passes through the VPN tunnel: yes.
3. Check whether the session for the customer's Internet access exists on the headquarters egress firewall: only the outbound session exists. Hosts on the headquarters internal network can access the Internet normally, which shows that the link is fine.
4. Check the IP address settings that the customer obtains: no DNS server has been obtained, and this is why the customer cannot access the Internet.
5. Configure DNS manually on the client; Internet access then works.
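The check in step 4, as an added example that is not part of the original case: a Python script that parses Windows `ipconfig /all` output and reports adapters that obtained an IPv4 address but no DNS server. The Windows client, the adapter name HQ-L2TP and all addresses are constructed assumptions.

```python
import re

# Constructed sample of Windows `ipconfig /all` output (not from the original case).
SAMPLE = """\
Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.20(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       192.168.1.2

PPP adapter HQ-L2TP:

   IPv4 Address. . . . . . . . . . . : 10.10.0.12(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . : 0.0.0.0
"""

HEADER = re.compile(r"^(\S.*adapter .+):\s*$")   # e.g. "PPP adapter HQ-L2TP:"
FIELD = re.compile(r"^\s+([^.:]+?)[ .]*:\s*(.*)$")  # "Label . . . : value"
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def parse_adapters(text):
    """Return {adapter name: {"ipv4": [...], "dns": [...]}} (IPv4 values only)."""
    adapters, current, last_key = {}, None, None
    for line in text.splitlines():
        if m := HEADER.match(line):
            current = adapters.setdefault(m.group(1), {"ipv4": [], "dns": []})
            last_key = None
        elif current is None or not line.strip():
            continue
        elif m := FIELD.match(line):
            label, value = m.group(1).strip(), m.group(2)
            last_key = {"IPv4 Address": "ipv4", "DNS Servers": "dns"}.get(label)
            if last_key:
                current[last_key] += IPV4.findall(value)
        elif last_key == "dns":
            # Additional DNS servers are listed on indented continuation lines.
            current["dns"] += IPV4.findall(line)
    return adapters

def adapters_missing_dns(text):
    return [n for n, a in parse_adapters(text).items() if a["ipv4"] and not a["dns"]]

if __name__ == "__main__":
    for name in adapters_missing_dns(SAMPLE):
        print(f"{name}: has an IPv4 address but no DNS server assigned")
```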
Root Cause
The customer points the route at the virtual network adapter and does not perform NAT translation, so all data passes through the L2TP VPN. However, the customer does not obtain a DNS server when obtaining the VPN IP address, and as a result cannot access the Internet.
Suggestions
Problems like this are mostly caused by the VPN client obtaining only an IP address and no DNS server.
