
I am able to connect to our company's VPN with L2TP on the iPhone and iPad; however, I can only get to certain resources in our company network but not others.

After looking at the iOS device logs and routing tables, it seems that only the first 30 routes from our topology are seen on the iOS device. We are running a Checkpoint (R75) firewall.

Is there a limitation on the # of routes that can be saved in a routing table in iOS, or is it some kind of limitation of L2TP in general? Any other troubleshooting ideas are welcome. Thanks.

Banjer

2 Answers

I find it more likely that this is related to your firewall rules. I might double check that you aren't only letting stuff route to a certain subnet, or range or group that was created in your network. I might also double check this.

I've set up L2TP connections to iPhones and iPads using SonicWall, but I've never had to set up connections to over 30 devices. Where are you finding the log files on your iOS device? Could you post the contents of the log?

Nixphoe
  • I'm getting the console logs from the iPhone Configuration Utility: http://www.apple.com/support/iphone/enterprise/ It is handy for managing enterprise deployment of iOS devices. – Banjer Jul 23 '11 at 18:31
  • For what it's worth, I also used an app called System Status to view the routing table, and this matched up with what I saw in the device logs. I believe you can also use the Organizer window in Xcode to view the device logs if you have an OS X machine and already have it installed. It's a big download, so get the iPhone Configuration Utility instead if you just need to view logs. – Banjer Jul 23 '11 at 18:39

Per another conversation I'm having in a Checkpoint forum:

L2TP only allows for 30 routes. If your encryption domain is more than 28 subnets you will have issues with anyone's L2TP client.

I'm having trouble confirming that, but it makes sense from what we're seeing.

EDIT: A recent post on Checkpoint's website states that 28 is in fact about the max # of subnets that can be seen by L2TP clients.

Banjer
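As an added example (not code from the question or either answer), the following Python check takes a list of encryption-domain subnets, summarizes adjacent ones into supernets, and reports whether the result fits under the 28-subnet figure quoted above. It assumes that 28 is a hard cap on distinct routes pushed to the client and that the firewall will push summarized networks; the subnet list is constructed for illustration.

```python
import ipaddress

# Route limit quoted in the answer above (assumption: treated here as a hard cap).
L2TP_ROUTE_LIMIT = 28


def summarize_encryption_domain(subnets):
    """Collapse CIDR strings into the minimal set of covering networks.

    ipaddress.collapse_addresses merges adjacent and overlapping networks,
    e.g. 10.1.0.0/24 and 10.1.1.0/24 become 10.1.0.0/23. Non-adjacent
    networks are left as-is.
    """
    nets = [ipaddress.ip_network(s, strict=False) for s in subnets]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def check_route_count(subnets, limit=L2TP_ROUTE_LIMIT):
    """Return (original_count, summarized_count, fits_under_limit).

    If fits_under_limit is False even after summarization, L2TP clients
    would only see the first `limit` routes and lose reachability to
    the remaining subnets, matching the symptom in the question.
    """
    summarized = summarize_encryption_domain(subnets)
    return len(subnets), len(summarized), len(summarized) <= limit


def routes_beyond_limit(subnets, limit=L2TP_ROUTE_LIMIT):
    """List the summarized networks that would be dropped past the cap."""
    return summarize_encryption_domain(subnets)[limit:]


# Constructed sample: 34 subnets, most of them contiguous /24 blocks that
# summarize cleanly to two /20s plus two unrelated networks.
SAMPLE_DOMAIN = (
    [f"10.1.{i}.0/24" for i in range(16)]
    + [f"10.2.{i}.0/24" for i in range(16)]
    + ["192.168.50.0/24", "172.16.0.0/16"]
)

# Constructed sample: 30 scattered /24s that cannot be summarized.
SCATTERED_DOMAIN = [f"10.{i}.0.0/24" for i in range(30)]

if __name__ == "__main__":
    for name, domain in (("sample", SAMPLE_DOMAIN), ("scattered", SCATTERED_DOMAIN)):
        orig, summ, fits = check_route_count(domain)
        print(f"{name}: {orig} subnets -> {summ} routes, fits={fits}")
        for net in routes_beyond_limit(domain):
            print(f"  would be dropped: {net}")
```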