Saturday, January 25, 2020

L2TP VPN routing to other networks?

Hello all

I've set up an L2TP VPN connection to my ASA which is working great, configured just like below. I can access network 192.168.2.0 from the VPN. But my problem is that I also want to access another network 10.10.3.0/24 which is connected to the ASA via an IPSec VPN tunnel.

I can access 10.10.3.0/24 from 192.168.2.0/24 but not from 192.168.100.0/24.

I've added the L2TP VPN network into the encryption domain of the IPSec VPN tunnel, but I got quite stuck there. Can anyone perhaps point me in the correct direction?

ASA Version 8.4(2)
!
interface GigabitEthernet0
 nameif outside
 security-level 0
 ip address 47.47.47.100 255.255.255.0
!
interface GigabitEthernet1
 nameif inside
 security-level 100
 ip address 192.168.2.1 255.255.255.0
!
object network local_lan
 subnet 192.168.2.0 255.255.255.0
!
object network obj_192.168.2.0
 subnet 192.168.2.0 255.255.255.0
!
object network obj_192.168.100.0
 subnet 192.168.100.0 255.255.255.0
!
ip local pool L2TP-Pool 192.168.100.1-192.168.100.100 mask 255.255.255.0
!
nat (inside,outside) source static obj_192.168.2.0 obj_192.168.2.0 destination static obj_192.168.100.0 obj_192.168.100.0 no-proxy-arp route-lookup
!
object network local_lan
 nat (inside,outside) dynamic interface
!
route outside 0.0.0.0 0.0.0.0 47.47.47.47 1
!
aaa-server LDAP protocol ldap
aaa-server LDAP (inside) host 192.168.2.100
 ldap-base-dn DC=testlab,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-password Y0u@rmyl1fe
 ldap-login-dn CN=ASA Admin,CN=Users,DC=testlab,DC=com
 server-type microsoft
!
crypto ipsec ikev1 transform-set L2TP-set esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set L2TP-set mode transport
!
crypto dynamic-map client-map 10 set ikev1 transform-set L2TP-set
crypto map outside-map 65535 ipsec-isakmp dynamic client-map
crypto map outside-map interface outside
!
crypto ikev1 enable outside
crypto ikev1 policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
!
group-policy L2TP-Client internal
group-policy L2TP-Client attributes
 dns-server value 192.168.2.100
 vpn-tunnel-protocol l2tp-ipsec
 default-domain value testlab.com
!
tunnel-group DefaultRAGroup general-attributes
 address-pool L2TP-Pool
 authentication-server-group LDAP
 default-group-policy L2TP-Client
tunnel-group DefaultRAGroup ipsec-attributes
 ikev1 pre-shared-key cisco
tunnel-group DefaultRAGroup ppp-attributes
 authentication pap
 no authentication chap
 no authentication ms-chap-v1
 no authentication ms-chap-v2
!
: end
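Added example, not part of the original post: the usual set of ASA changes for letting a remote-access pool (192.168.100.0/24) reach a site-to-site peer's network (10.10.3.0/24) when both tunnels terminate on the same outside interface. The site-to-site tunnel itself is not in the posted config, so the crypto ACL name SITE2SITE-ACL, the object obj_10.10.3.0 and the peer address are assumed; the remote peer must mirror the same subnet pair in its own encryption domain and NAT exemption.

```text
! Traffic arrives on outside (decrypted from the L2TP client) and must leave via
! outside again (into the site-to-site tunnel); the ASA drops this hairpin
! unless intra-interface forwarding is explicitly permitted.
same-security-traffic permit intra-interface
!
! Assumed object for the remote site's network (not in the posted config).
object network obj_10.10.3.0
 subnet 10.10.3.0 255.255.255.0
!
! Identity (twice) NAT for the outside->outside hairpin so the pool address is
! kept as-is and the flow can match the site-to-site crypto ACL. The existing
! (inside,outside) rule only covers 192.168.2.0/24 <-> 192.168.100.0/24.
nat (outside,outside) source static obj_192.168.100.0 obj_192.168.100.0 destination static obj_10.10.3.0 obj_10.10.3.0 no-proxy-arp route-lookup
!
! Encryption domain of the site-to-site tunnel (ACL name assumed) must carry
! the pool as well as the inside LAN; the peer needs the mirror-image entry.
access-list SITE2SITE-ACL extended permit ip 192.168.2.0 255.255.255.0 10.10.3.0 255.255.255.0
access-list SITE2SITE-ACL extended permit ip 192.168.100.0 255.255.255.0 10.10.3.0 255.255.255.0
!
! Checks: simulate a client packet to see which NAT/ACL/VPN phase drops it,
! then confirm an IPsec SA exists for the 192.168.100.0/24 <-> 10.10.3.0/24 pair.
! (Peer address 203.0.113.1 is a documentation placeholder.)
packet-tracer input outside icmp 192.168.100.5 8 0 10.10.3.10
show crypto ipsec sa peer 203.0.113.1
```

If packet-tracer shows the drop at the NAT or VPN phase, the identity NAT or crypto ACL is what is still missing; if the SA for the pool pair never comes up, the remote end has not added the matching selector.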

