When connected with L2TP client to Security Gateway's alias IP address, the returned encrypted traffic is sent out with source IP address of the physical interface
Symptoms
  • When connected with L2TP client to the Security Gateway's alias IP address, the returned encrypted traffic is sent out with the source IP address of the physical interface.

    Logical Topology: [PC with L2TP client] --- (VPN) --- {ethX with alias IP}[GW]{ethY} --- [Host]

    FW Monitor on Security Gateway shows:

    ethX:i[...]: PC_real_IP -> GW_alias_IP (50)
    ethX:I[...]: PC_Office_Mode_IP -> Host_IP (...)
    ethY:o[...]: PC_Office_Mode_IP -> Host_IP (...)
    ethY:O[...]: PC_Office_Mode_IP -> Host_IP (...)
    ethY:i[...]: Host_IP -> PC_Office_Mode_IP (...)
    ethY:I[...]: Host_IP -> PC_Office_Mode_IP (...)
    ethX:o[...]: Host_IP -> PC_Office_Mode_IP (...)
    ethX:O[...]: GW_physical_IP -> PC_real_IP (50)
  • Example Topology:

    (Office Mode 172.16.10.4) [PC with L2TP client] (172.30.108.194) <=== (VPN) ===>
    --- {alias 172.30.108.17 on eth0:1} (172.30.108.152 on eth0) [Security Gateway] (10.10.80.1 on eth1) ---
    --- (10.10.80.2) [Host]

    Example Traffic Flow:

    1. The L2TP client 172.30.108.194 connects to the Security Gateway's alias IP address 172.30.108.17.
    2. Traffic passes between the "L2TP client" Office Mode IP address 172.16.10.4 and the "Host" 10.10.80.2.
    3. However, FW Monitor on the Security Gateway shows that the returned traffic from the "Host" is encrypted and
      sent out with the source IP address of the physical interface 172.30.108.152 instead of the IP address of the alias interface 172.30.108.17.
  • When connected with Endpoint Security Client to Security Gateway's alias IP address, the returned encrypted traffic is sent out with source IP address of the alias interface as expected.

    Logical Topology: [PC with EP Client] --- (VPN) --- {ethX with alias IP}[GW]{ethY} --- [Host]

    FW Monitor on Security Gateway shows:

    ethX:i[...]: PC_real_IP -> GW_alias_IP (50)
    ethX:I[...]: PC_Office_Mode_IP -> Host_IP (...)
    ethY:o[...]: PC_Office_Mode_IP -> Host_IP (...)
    ethY:O[...]: PC_Office_Mode_IP -> Host_IP (...)
    ethY:i[...]: Host_IP -> PC_Office_Mode_IP (...)
    ethY:I[...]: Host_IP -> PC_Office_Mode_IP (...)
    ethX:o[...]: Host_IP -> PC_Office_Mode_IP (...)
    ethX:O[...]: GW_alias_IP -> PC_real_IP (50)
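
An added example (not part of the original article or vendor code): a Python check that parses FW Monitor lines in the simplified shape shown above and flags post-outbound ESP (protocol 50) packets whose source address is not the gateway address the peer sent ESP to. The function names, packet lengths and inner protocol number in the sample capture are constructed; the addresses come from the Example Topology.

```python
import re
from collections import defaultdict

ESP = "50"  # FW Monitor prints the IP protocol number in parentheses, as above

# <iface>:<i|I|o|O>[<len>]: <src> -> <dst> (<proto>)
LINE_RE = re.compile(
    r"(?P<iface>[\w.-]+):(?P<pos>[iIoO])\[[^\]]*\]:\s*"
    r"(?P<src>\d+(?:\.\d+){3})\s*->\s*(?P<dst>\d+(?:\.\d+){3})\s*\((?P<proto>\w+)\)"
)

def find_esp_source_mismatches(capture):
    """Return outbound ESP packets whose source is not an address the peer sent ESP to."""
    tunnel_dst = defaultdict(set)  # peer IP -> gateway IPs it addressed ESP to
    outbound = []                  # (iface, gateway source IP, peer IP)
    for line in capture.splitlines():
        m = LINE_RE.search(line)
        if not m or m["proto"] != ESP:
            continue
        if m["pos"] == "i":        # pre-inbound: packet as received from the wire
            tunnel_dst[m["src"]].add(m["dst"])
        elif m["pos"] == "O":      # post-outbound: packet as it leaves the gateway
            outbound.append((m["iface"], m["src"], m["dst"]))
    findings = []
    for iface, gw_src, peer in outbound:
        expected = tunnel_dst.get(peer)
        if expected and gw_src not in expected:
            findings.append({"iface": iface, "peer": peer,
                             "sent_from": gw_src, "expected": sorted(expected)})
    return findings

def sample_capture(reply_src):
    # Constructed capture: addresses from the Example Topology; lengths and the
    # inner protocol number (1) are made up for illustration.
    return f"""\
eth0:i[84]: 172.30.108.194 -> 172.30.108.17 (50)
eth0:I[60]: 172.16.10.4 -> 10.10.80.2 (1)
eth1:O[60]: 172.16.10.4 -> 10.10.80.2 (1)
eth1:i[60]: 10.10.80.2 -> 172.16.10.4 (1)
eth0:o[60]: 10.10.80.2 -> 172.16.10.4 (1)
eth0:O[84]: {reply_src} -> 172.30.108.194 (50)
"""

if __name__ == "__main__":
    for label, src in (("L2TP client", "172.30.108.152"), ("Endpoint client", "172.30.108.17")):
        print(label, find_esp_source_mismatches(sample_capture(src)))
```

A finding for the L2TP capture and none for the Endpoint Security Client capture reproduces the difference between the two FW Monitor traces in the Symptoms.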

