No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


Virtual template interface did not add to the domain lead to L2TP dial-up users cannot access enterprise intranet

Publication Date:  2012-10-16 Views:  106 Downloads:  0

Issue Description

Received a customer technical engineer call ask for help. Configure L2TP VPN in our firewall, the configuration has been completed, test terminal users can normal dial-up and get the assignment IP address, but just can't access enterprise intranet;
The last position problem, very simple, is virtual template interface did not add the domain, I also met this problem before, and took a long time to positioning;

Alarm Information


Handling Process

Add the interface Virtual - Template1 to the ZONE, after test terminal dialing access the intranet machine normally;

Root Cause

In PN project, in generally if VPN dial-up or establish normally, but access exception, basically it is routing or policy problem. But from the user screen capture and equipment configuration to see, terminal machine really get assigned private network IP, testing machine and VPN gateway firewall routing is normal too, default release policy is also open. Finally check configuration, find that interface Virtual - Template1 this Virtual interface did not add to the firewall domain;


In L2TP or L2TP + IPSEC VPN configuration process, add the physical interface to the domain, and always forget to add the interface Virtual - Template1 Virtual interface to the domain.
At the same time, except Interface Loopback interface don't need to add to the domain, other interfaces are need to add to the domain to ensure normal communication.

A lot of problems are not technical issue, but the detail, so must pay attention to the detail.