I have L2TP remote access set up. The remote client can connect and is assigned an address, but it cannot reach anything on the local LAN. Any suggestions?
Config for L2TP:
/* L2TP/IPsec remote-access server: users are defined locally, IPsec is
   authenticated with a pre-shared secret, and clients are addressed from
   192.168.100.10-20.
   NOTE(review): as pasted, this block has one more opening brace than closing
   braces, so the excerpt appears to be cut short. */
l2tp {
remote-access {
/* User credentials are stored in the router config (mode local). They are
   redacted here; keep them redacted whenever the config is shared. */
authentication {
local-users {
username XXXXXXX{
password XXXXXXXX
}
}
mode local
}
/* VPN clients get addresses from 192.168.100.10-20. The only other internal
   address shown is the DNS server 192.168.1.1, so the LAN is presumably a
   different subnet (confirm). In that case client traffic is routed, not
   bridged: LAN hosts need a return route through this router, and host
   firewalls that only trust their own subnet will drop 192.168.100.x
   sources. */
client-ip-pool {
start 192.168.100.10
stop 192.168.100.20
}
/* The server listens on whatever address eth0 obtains by DHCP.
   Presumably eth0 is the WAN interface; confirm. */
dhcp-interface eth0
/* server-2 is a public resolver: a client that falls back to it cannot
   resolve internal names, and its lookups are answered outside the LAN. */
dns-servers {
server-1 192.168.1.1
server-2 8.8.8.8
}
/* One pre-shared secret is common to every client, so the per-user password
   above is the only credential tied to an individual. Use a long random
   value and rotate it when a client device is lost or retired. */
ipsec-settings {
authentication {
mode pre-shared-secret
pre-shared-secret XXXXXXXXXX
}
/* IKE SA lifetime; presumably in seconds (confirm against the firmware docs). */
ike-lifetime 3600
}
mtu 1492
}
Firewall config:
/* Global firewall settings plus two rule sets, WAN_IN and WAN_LOCAL, both
   with default-action drop. The interface bindings of these rule sets are not
   part of this excerpt, and no rule set for traffic arriving from the L2TP
   clients is shown. */
firewall {
all-ping enable
broadcast-ping disable
ipv6-receive-redirects disable
ipv6-src-route disable
ip-src-route disable
log-martians enable
/* WAN_IN: traffic from the WAN toward internal hosts. */
name WAN_IN {
default-action drop
description "WAN to internal"
/* Logging is enabled on the established/related accept, so every matching
   return packet produces a log entry. That volume can bury the entries
   worth reading; logging drops is usually more useful. */
rule 1 {
action accept
description "Allow established/related"
log enable
state {
established enable
related enable
}
}
/* Accepts ICMP in state new from the WAN toward internal hosts, with no
   restriction on ICMP type or source. */
rule 4 {
action accept
description "Allow ICMP"
log disable
protocol icmp
state {
established enable
invalid disable
new enable
related enable
}
}
rule 5 {
action drop
description "Drop invalid state"
state {
invalid enable
}
}
}
/* WAN_LOCAL: traffic from the WAN addressed to the router itself. */
name WAN_LOCAL {
default-action drop
description "WAN to router"
rule 10 {
action accept
description "Allow established/related"
state {
established enable
related enable
}
}
/* Management exposure: the web GUI port is accepted from any WAN source,
   over both TCP and UDP, with logging off. With remote-access VPN in place,
   consider limiting this rule to trusted source addresses or removing it
   and managing the router over the VPN or LAN only. */
rule 20 {
action accept
description "Web Gui Access"
destination {
port 8443
}
log disable
protocol tcp_udp
}
/* Management exposure: SSH is accepted from any WAN source. The
   non-standard port does not limit who can connect. Consider a source
   restriction, key-based authentication, and enabling logging so that
   connection attempts leave a record. */
rule 30 {
action accept
description "SSH Access"
destination {
port 2022
}
log disable
protocol tcp
state {
established enable
invalid disable
new enable
related enable
}
}
rule 40 {
action accept
description "Allow ICMP"
log disable
protocol icmp
}
/* UDP 500 and 4500 carry IKE and NAT-T; UDP 1701 is L2TP itself. As written,
   1701 is accepted from the WAN whether or not it arrived inside IPsec.
   EdgeOS rules can require that with "ipsec match-ipsec"; putting 1701 in its
   own rule with that match keeps L2TP reachable only through the IPsec
   tunnel (confirm the option against your firmware's documentation). */
rule 70 {
action accept
description "Allow L2TP"
destination {
port 500,1701,4500
}
log disable
protocol udp
}
/* IP protocol 50 is ESP. */
rule 80 {
action accept
description "Allow ESP"
log disable
protocol 50
}
/* Rules are evaluated in numeric order, and rules 20, 40, 70 and 80 have no
   state match, so a packet in invalid state that matches one of them is
   accepted before this rule is reached. Numbering the invalid-state drop
   ahead of those accepts would close that gap. */
rule 90 {
action drop
description "Drop invalid state"
state {
invalid enable
}
}
}
options {
}
receive-redirects disable
/* The router will emit ICMP redirects. */
send-redirects enable
/* Reverse-path (source address) validation is off. The strict or loose
   setting drops packets with spoofed sources; check for asymmetric routing
   before enabling it. */
source-validation disable
syn-cookies enable
}