VPN: Site to Site and Remote Access I can't access the internal network from L2TP over IPsec VPN

UTM Firewall requires membership for participation - click to join

Thread Info

State Suggested Answer
Locked Locked
Replies 9 replies
Answers 1 answer
Subscribers 3 subscribers
Views 18679 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

I can't access the internal network from L2TP over IPsec VPN

Jason Ross over 6 years ago

Hello all,

I have been banging my head against this one all day.

I have L2TP over IPsec setup using the default VPN pool.

I have a Firewall rule set: (Source) VPN pool --------(Service) Any ---------(Destinations) Internal (Network)

The rule is enabled yet None of my clients can see anything on the internal network.

I have tried setting up NAT Masq. rules with no effect.

What am I missing here?

SG230,

Firmware version: 9.414-2

This thread was automatically locked due to age.

Parents

0 Shaun Raven over 6 years ago

ok - in your firewall rule make sure you have both the internal network and the vpn pool (l2tp) as both the source AND destination - see if that helps.
Cancel
Vote Up 0 Vote Down

Cancel
0 Jason Ross over 6 years ago in reply to Shaun Raven

HA! Eureka! That did it. Thank you so much.

Why is that the case? Why does it need to be this way to function?
Cancel
Vote Up 0 Vote Down

Cancel
0 Shaun Raven over 6 years ago in reply to Jason Ross

It's because the firewall locks down all access EXCEPT what you allow. Your first rule only allowed traffic one way - the modifcation suggested allows traffic both ways.

Glad it's working!
Cancel
Vote Up 0 Vote Down

Cancel
0 Jason Ross over 6 years ago in reply to Shaun Raven

I spoke too soon. This fix is not working anymore and it didn't work on my other UTM's.

Thank you for trying to help.

I even tried making two separate rules instead of adding both to the source and destination. No joy.
Cancel
Vote Up 0 Vote Down

Cancel
0 Shaun Raven over 6 years ago in reply to Jason Ross

Just a thought - make sure you're using the right interfaces in the rules. They should be "Internal (Network)" and "VPN Pool (L2TP)".

Also make sure they map to the IP ranges that you expect.

Remember that for any traffic to flow from your internal network to your VPN clients, your internal network machines must be using the UTM as their gateway.

How are you determing traffic -PING?
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Shaun Raven over 6 years ago in reply to Jason Ross

Just a thought - make sure you're using the right interfaces in the rules. They should be "Internal (Network)" and "VPN Pool (L2TP)".

Also make sure they map to the IP ranges that you expect.

Remember that for any traffic to flow from your internal network to your VPN clients, your internal network machines must be using the UTM as their gateway.

How are you determing traffic -PING?
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data