Why can't my VPN clients access the internet?
I can connect with my VPN server and access internall networks from outside the internet.
My problem is, why am I not being able to access the internet when connected to VPN
router#sh run
Building configuration...
Current configuration : 2024 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname stalkerrt
!
aaa new-model
!
!
aaa authentication ppp default local
aaa session-id common
enable password 7 03174F0A0A04245E4C1B161644
!
username hardy1785 password 7 10450716151F514F5D567E3C65
ip subnet-zero
!
!
!
vpdn enable
!
vpdn-group TEST-VPN
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
!
async-bootp dns-server 209.137.160.7
!
!
!
!
!
!
!
fax interface-type fax-mail
mta receive maximum-recipients 0
!
!
!
!
interface FastEthernet0/0
no ip address
ip nat inside
duplex auto
speed 100
!
interface FastEthernet0/0.1
encapsulation dot1Q 1 native
ip address 10.1.1.1 255.255.255.0
ip nat inside
!
interface FastEthernet0/0.2
encapsulation dot1Q 2
ip address 10.1.2.2 255.255.255.0
ip nat inside
!
interface FastEthernet0/0.3
encapsulation dot1Q 3
ip address 10.1.3.1 255.255.255.0
ip nat inside
!
interface FastEthernet0/0.4
encapsulation dot1Q 4
ip address 10.1.4.1 255.255.255.0
ip nat inside
!
interface FastEthernet0/1
description gateway port
ip address xxxxxxxxxxxxxxxxxxxxxxxx
ip nat outside
duplex auto
speed 10
!
interface FastEthernet1/0
no ip address
shutdown
duplex auto
speed auto
!
interface Virtual-Template1
ip unnumbered FastEthernet0/1
peer default ip address pool defaultpool
ppp authentication chap
!
ip local pool defaultpool 192.168.15.1 192.168.15.5
ip nat pool InternetNAT xxxxxxxxxxxxxxxxxxxx prefix-length 24
ip nat inside source list 2 pool InternetNAT overload
ip classless
ip route 0.0.0.0 0.0.0.0 xxxxxxxxxxxxxxxxxxxxx
no ip http server
ip pim bidir-enable
!
!
access-list 2 permit 10.0.0.0 0.255.255.255
!
call rsvp-sync
!
!
mgcp profile default
!
dial-peer cor custom
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
!
end
My problem is, why am I not being able to access the internet when connected to VPN
router#sh run
Building configuration...
Current configuration : 2024 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname stalkerrt
!
aaa new-model
!
!
aaa authentication ppp default local
aaa session-id common
enable password 7 03174F0A0A04245E4C1B161644
!
username hardy1785 password 7 10450716151F514F5D567E3C65
ip subnet-zero
!
!
!
vpdn enable
!
vpdn-group TEST-VPN
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
!
async-bootp dns-server 209.137.160.7
!
!
!
!
!
!
!
fax interface-type fax-mail
mta receive maximum-recipients 0
!
!
!
!
interface FastEthernet0/0
no ip address
ip nat inside
duplex auto
speed 100
!
interface FastEthernet0/0.1
encapsulation dot1Q 1 native
ip address 10.1.1.1 255.255.255.0
ip nat inside
!
interface FastEthernet0/0.2
encapsulation dot1Q 2
ip address 10.1.2.2 255.255.255.0
ip nat inside
!
interface FastEthernet0/0.3
encapsulation dot1Q 3
ip address 10.1.3.1 255.255.255.0
ip nat inside
!
interface FastEthernet0/0.4
encapsulation dot1Q 4
ip address 10.1.4.1 255.255.255.0
ip nat inside
!
interface FastEthernet0/1
description gateway port
ip address xxxxxxxxxxxxxxxxxxxxxxxx
ip nat outside
duplex auto
speed 10
!
interface FastEthernet1/0
no ip address
shutdown
duplex auto
speed auto
!
interface Virtual-Template1
ip unnumbered FastEthernet0/1
peer default ip address pool defaultpool
ppp authentication chap
!
ip local pool defaultpool 192.168.15.1 192.168.15.5
ip nat pool InternetNAT xxxxxxxxxxxxxxxxxxxx prefix-length 24
ip nat inside source list 2 pool InternetNAT overload
ip classless
ip route 0.0.0.0 0.0.0.0 xxxxxxxxxxxxxxxxxxxxx
no ip http server
ip pim bidir-enable
!
!
access-list 2 permit 10.0.0.0 0.255.255.255
!
call rsvp-sync
!
!
mgcp profile default
!
dial-peer cor custom
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
!
end
My daily blog about IT and tech stuff
http://techintuition.com/
http://techintuition.com/
Comments
-
crazy_jay
Member Posts: 7 ■□□□□□□□□□
Have you tried adding this:
access-list 2 permit 192.168.15.0 0.0.0.248 -
mikej412
Member Posts: 10,086 ■■■■■■■■■■
Your traffic "has to be interesting" and it has to be on a nat interface. This link may be what you need, or point you in the right direction. See if your virtual template or vpdn-group let's you do ip nat inside, otherwise use the loopback "trick"
Router and VPN Client for Public Internet on a Stick Configuration Example:mike: Cisco Certifications -- Collect the Entire Set!