I received a call from a customer's technical engineer asking for help. They had configured an L2TP VPN on our firewall. The configuration was complete, and test terminal users could dial up normally and obtain an assigned IP address, but they could not access the enterprise intranet.
Once located, the problem turned out to be very simple: the virtual template interface had not been added to a firewall zone. I have met this problem before, and it took a long time to locate.
After interface Virtual-Template1 was added to the zone, the test terminal dialed in and accessed the intranet machines normally.
In VPN projects, if the VPN dial-up or tunnel establishes normally but access fails, it is generally a routing or policy problem. But judging from the user's screenshots and the device configuration, the terminal really did obtain its assigned private network IP, routing between the test machine and the VPN gateway firewall was normal too, and the default permit policy was also enabled. Finally, on checking the configuration, I found that the virtual interface Virtual-Template1 had not been added to a firewall zone.
When configuring L2TP or L2TP + IPSec VPN, people add the physical interface to a zone and always forget to add the virtual interface Virtual-Template1 to a zone as well.
At the same time, apart from Loopback interfaces, which do not need to be added to a zone, all other interfaces need to be added to a zone to ensure normal communication.
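
The rule above can be checked mechanically before a VPN goes live. The following is an added example, not from the original post: a small audit that lists every non-loopback interface no zone references. The configuration syntax (`interface` stanzas, `firewall zone` blocks with `add interface` lines) and all sample names and addresses are assumptions, since the post does not name the product.

```python
import re

# Constructed sample configuration (not from the original page). The syntax,
# `interface` stanzas plus `firewall zone` blocks with `add interface` lines,
# is an assumption; adjust the two patterns below to your firewall's format.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0/1
 ip address 203.0.113.1 255.255.255.0
#
interface GigabitEthernet0/0/2
 ip address 10.0.0.1 255.255.255.0
#
interface Virtual-Template1
 ip address 192.168.100.1 255.255.255.0
#
interface LoopBack0
 ip address 10.255.0.1 255.255.255.255
#
firewall zone trust
 add interface GigabitEthernet0/0/2
#
firewall zone untrust
 add interface GigabitEthernet0/0/1
#
"""

IFACE_DEF = re.compile(r"interface\s+(\S+)")           # top-level stanza
ZONE_MEMBER = re.compile(r"\s+add interface\s+(\S+)")  # indented zone member


def interfaces_without_zone(config):
    """Return defined interfaces that no zone lists, skipping loopbacks."""
    defined, zoned = [], set()
    for line in config.splitlines():
        if m := IFACE_DEF.match(line):
            defined.append(m.group(1))
        elif m := ZONE_MEMBER.match(line):
            zoned.add(m.group(1).lower())
    return [name for name in defined
            if not name.lower().startswith("loopback")
            and name.lower() not in zoned]


if __name__ == "__main__":
    for name in interfaces_without_zone(SAMPLE_CONFIG):
        print(f"interface {name} is not in any firewall zone")
```

On the sample, only Virtual-Template1 is reported, which matches the fault described in this post.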
A lot of problems are not technical issues but matters of detail, so you must pay attention to the details.