No route to host : L2TP connecting but not reaching local net

In fact I can not even ping the 195.115.46.xxx machinnes that are on the same network as the server when connected ??

You could put your server on the 10.0.1.0 network only and let some UDP ports through to it instead. That is if it would suffice to have Mac L2TP VPN compatibility (or if you get GRE through your Cisco to the private IP LAN you could use PPTP instead/also).[\i]
How would I have to do that (I don't plan to deploy PPTP) ?
Here is the configuration of my three interfaces:
interface Ethernet0/0
ip address 10.0.1.1 255.255.0.0
ip access-group 100 in
no ip directed-broadcast
ip nat inside
ip inspect Ethernet_0 in
appletalk cable-range 1-1 1.216
appletalk zone Pac
appletalk zone Editors
appletalk zone Direction
appletalk zone Amaganset
no mop enabled
!
interface Serial0/0
bandwidth 1920
ip address 195.114.127.2 255.255.255.0
ip access-group 101 in
no ip directed-broadcast
ip nat outside
ip inspect Serial_0 in
encapsulation ppp
no ip mroute-cache
no fair-queue
!
interface Ethernet0/1
ip address 195.114.56.9 255.255.255.0 secondary
ip address 195.114.56.254 255.255.255.0
ip access-group 100 in
no ip directed-broadcast
ip inspect Ethernet_0 in
no ip route-cache
no ip mroute-cache
"So my network has 2 gateways one for the 10.0.1.0 network and one for the 195.114.56.0 net"

Use only the public interface gw/router IP (Cisco "DMZ" interface, your public "LAN" gw) as the (default gw) router on the OS X server. Leave the private LAN interface router field empty.[\i]

I am not shure this will work...
If I don't use any IP for the default GW on the public interface of the server... how will It be able to find the proper route to the outside ?


What IPs are the VPN users getting (from private LAN IP range?) from the VPN server and what router definitions are you using (if any)? [\i]
10.0.1.210 --> 10.0.1.220
Thanks for your support!

I was thinking about using something like that on the conf of my router in order to bypass the interface 195.115.xx.xx and directly forward packets to the inside interface (10.0) :

ip nat inside source static tcp 10.0.1.15 500 interface FastEthernet0 500
ip nat inside source static tcp 10.0.1.15 1701 interface FastEthernet0 1701
ip nat inside source static tcp 10.0.1.15 4500 interface FastEthernet0 4500

Would I need to forward more ports in order to access the AFP servers on the 10.0.1.15 interface ? Normaly all the traffic should be routed through the VPN accessed through these ports ?

I do need to have a second interface connected to the internet because I plan to deploy various services on this server including an FTP + HTTP server.

---

This has nothing to do with the initial posting but, regarding Apple Talk have you got any remark regarding this "appletalk cable-range 1-1 1.216" ?

Would you advise me not to use the Apple Talk routing policy on this router (I only have a small lan and initially used It to divide this network using the zone statement) ?

As Apple talk protocol has evolved toward TCP/IP I don't know if this is so usefull nowdays ?

---

Thank you very much again for your support.

In fact most of the things were Ok.

I only needed to add a route to the router of type :
--> ip route 192.168.254.0 255.255.255.240 10.0.1.15

192.168.254.0 255.255.255.240 beeing the networke range I use for VPN

The problem initially came from the fact that I was trying to access my VPN from a remote network that had the same IP range as my LAN = "no route to host".

Solution :
--------

--> Make sure your VPN server is distributing address not used (that's why I have pickup 192.168.254.0 255.255.255.240).
--> modify / create a route to from the range of address distributed by the VPN server to the internal address of your server.
--> ip route "your vpn network range" "the private interface of your server"
--> Everything should be ok (except that I can not access the Internet while beeing connected to the VPN).

Thx.