Internal network-----LNS-----external network------client
Internal user through the client software dialing in successfully, but it is unable to access internal network resources, the internal network is whole the province connected network, operating OSPF.
1, from the customer known that the other users of the internal network can access resources normally, eliminate resources own problem.
2, because the customer have dialed successfully, dial-up parameter basic is right, through questioning known that the address pool is in the same network segment with the internal network which connected with firewall, after changed the address pool to another network segment, the problem is temporary solved.
3, customer reflect that can’t access other network segment resources, considering that the customer is in OSPF province network, which can't literally add routing, only try to let the post-dialed address and the firewall interface in a same network segment.
4, address pool can't be changed, but if wants to change the accessed internal network address, can use NAT, use it in trust and untrust direction, after testing, can access to normally.
1, resources itself has not opened authority
2, L2TP is not configured properly
3, there is no routing
NAT inbound is used not too much, but in no routing or not inconvenient to add new routing cases, the effect is obvious.