L2TP/IPsec VPN troubles

Hello there!

Some time ago our company was set the task of implementing a VPN for remote user connections from external networks and for stretching the network between two offices. We decided to start with the VPN for remote users. The router model is RB3011. One of the interfaces (eth1) on this router is connected to a dedicated IP address from the ISP. The other interface (eth9) is connected to a Cisco 3560 switch, which serves the local network 192.168.67.0/24. I did everything according to the instructions at https://bozza.ru/art-248.html (the instructions are in Russian, so never mind) when configuring the VPN.
As a result the connection works, and an IP address is assigned dynamically from the VPN pool. I can connect to the MikroTik web admin panel (192.168.67.13), but can’t connect to other local services (can’t even ping). What might the problem be?

I’ve attached a short diagram of the connection to the topic. I can give more information if required.

P.S. I tested the arp-proxy setting and static routes on client devices. It didn’t help…

Many thanks in advance!
vpn_scheme.png

You want to make sure you have FW rules permitting the VPN IPs to “talk” with the LAN network and vice versa.

I made the 2 FW rules:
forward Src: 192.168.66.1 Dst: 192.168.67.1 accept
forward Src: 192.168.67.1 Dst: 192.168.66.1 accept

Is it correct or should it be something else?

The problem is solved. Maybe it will be useful for someone:
I’ve created a masquerade rule in the Firewall NAT with 192.168.66.0/24 as the Src and Dst addresses. The Dst uses the NOT parameter.

NATing is not really solving the problem - you just suppress its symptoms.
Is your Cisco router aware of the VPN subnet?
I could bet it isn’t. So a request comes from the VPN to a client with a 192.168.66.0/24 src-address, the client responds, sends it to its default gateway (the Cisco router) and this router has no clue where to send this traffic. So it sends it to its default gateway…

You should add the route to it:

ip route 192.168.66.0 255.255.255.0 192.168.67.13

-Chris
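The return path described in the reply above, as an added example that is not part of the original thread: a small longest-prefix-match model of where a LAN host's reply goes without the route, with the route, and with masquerade. It assumes, as that reply does, that LAN hosts use the Cisco as their default gateway; the client address and the hop labels `cisco-gw` and `cisco-upstream` are constructed.

```python
import ipaddress

ON_LINK = "on-link"
MIKROTIK = "192.168.67.13"      # MikroTik LAN address, from the thread
VPN_CLIENT = "192.168.66.10"    # constructed address inside the VPN pool subnet

def next_hop(table, dst):
    """Longest-prefix match: next hop of the most specific route covering dst."""
    addr = ipaddress.ip_address(dst)
    routes = [(ipaddress.ip_network(p), hop) for p, hop in table]
    matches = [(net, hop) for net, hop in routes if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def reply_path(host_table, cisco_table, reply_dst):
    """Hops taken by a LAN host's reply until it is delivered or leaves the site."""
    hop = next_hop(host_table, reply_dst)
    if hop == ON_LINK:
        return [reply_dst]                      # delivered directly on the LAN segment
    path = [hop]                                # handed to the default gateway (Cisco)
    hop = next_hop(cisco_table, reply_dst)
    path.append(reply_dst if hop == ON_LINK else hop)
    return path

# Constructed routing tables for a LAN host and the Cisco.
HOST = [("192.168.67.0/24", ON_LINK), ("0.0.0.0/0", "cisco-gw")]
CISCO_BEFORE = [("192.168.67.0/24", ON_LINK), ("0.0.0.0/0", "cisco-upstream")]
# After "ip route 192.168.66.0 255.255.255.0 192.168.67.13" is added on the Cisco:
CISCO_AFTER = CISCO_BEFORE + [("192.168.66.0/24", MIKROTIK)]

if __name__ == "__main__":
    # No route: the reply to the VPN client follows the Cisco's default route and is lost.
    print("no route:  ", reply_path(HOST, CISCO_BEFORE, VPN_CLIENT))
    # Static route: the Cisco hands the reply to the MikroTik, which owns the VPN pool.
    print("with route:", reply_path(HOST, CISCO_AFTER, VPN_CLIENT))
    # Masquerade: the host saw 192.168.67.13 as the source, so it replies on-link.
    print("masquerade:", reply_path(HOST, CISCO_BEFORE, MIKROTIK))
```

With masquerade, every VPN user reaches LAN services as 192.168.67.13, so per-client logging and filtering on the LAN side is lost; the static route keeps the real 192.168.66.0/24 source addresses visible.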

Yeah, true! Thank you so much for the advice.