Hello Community,
I have a working L2TP VPN dialup and working OSPF routing over our site firewalls. From the L2TP network I can reach all local networks (connected to the firewall itself), but I can't reach any network in the site locations. I figured out that, with the latest SFOS 19.5, the L2TP IPs are not distributed over OSPF like in the previous versions.
With SFOS 19 this setup will work:
- In the OSPF global configuration I selected ABR type “Cisco”
- Under “Networks & areas” I added the L2TP pool network to the area my local networks are connected to.
With this setup, the IP (not the whole network) of the client was distributed over OSPF and we had access to the site networks. With SFOS 19.5 this setup won’t work anymore. The L2TP-Client IP isn’t distributed to the site firewalls.
My workaround is that I added a static route on the HQ-Firewall for the L2TP-Pool Network and used the internal Interface as gateway. The static route is distributed with OSPF. With this workaround I have access to the site networks.
Is this the best-practice solution, or does anybody have a better solution?
Thanks,
Ben