1801 VPN multiple clients

Having a bit of a problem with my config. I've set up PPTP VPN on my 1801 and pointed it at my local DHCP server for one of the private address ranges. The problem is I can only get a single client to connect; it seems to be sending the same MAC address to the DHCP server, so only one address is being used. Do I need to use an address pool setup on the router itself?

Below is the config:

!
service nagle
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname net-gw
!
ip name-server x.x.x.x
ip name-server x.x.x.x
ip domain name x.x.x
!
ip cef
ip flow-top-talkers
 top 10
 sort-by bytes
!
clock timezone GMT 0
ntp server x.x.x.x
!
boot-start-marker
boot-end-marker
!
aaa new-model
aaa authentication ppp default local
!
enable secret xxx
no enable password
username xxx privilege 15 secret xxx
!
! VPN usernames
username xxx password 0 xxx
!
! VPN config
vpdn enable
!
vpdn-group 1
!
 accept-dialin
  protocol pptp
  virtual-template 1
!
logging x.x.x.x
no logging console
archive
 log config
  logging enable
  logging size 500
  notify syslog
  hidekeys
!
ip subnet-zero
ip classless
no service pad
no ip source-route
no ip finger
no ip bootp server
no ip domain-lookup
!
interface FastEthernet0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface BRI0
 no ip address
 encapsulation hdlc
 no ip route-cache
 shutdown
!
interface FastEthernet1
 spanning-tree portfast
 description trunk link to loft-sw01 fa0/24 (vlan 2)
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 1
 switchport trunk allowed vlan 1,2,1002-1005
 switchport mode trunk
 duplex auto
 speed auto
!
interface FastEthernet2
 spanning-tree portfast
 description trunk link to loft-sw01 fa0/23 (vlan 3,4,5)
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 1
 switchport trunk allowed vlan 1,3-5,1002-1005
 switchport mode trunk
 duplex auto
 speed auto
!
interface FastEthernet3
 spanning-tree portfast
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet4
 spanning-tree portfast
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet5
 spanning-tree portfast
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet6
 spanning-tree portfast
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet7
 spanning-tree portfast
 switchport mode access
 switchport access vlan 1
 duplex auto
 speed auto
!
interface FastEthernet8
 spanning-tree portfast
 description link to wireless ap
 switchport mode access
 switchport access vlan 3
 duplex auto
 speed auto
!
! ATM config
interface ATM0
 no ip address
 no ip route-cache
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 no ip route-cache
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
!
! Virtual template for VPN
interface Virtual-Template1
 ip unnumbered vlan 3
 peer default ip address dhcp
 ppp encrypt mppe auto required
 ppp authentication ms-chap ms-chap-v2
!
! VLANS
interface Vlan1
 description Management VLAN
 ip address 192.168.255.1 255.255.255.0
!
interface Vlan2
 description Public VLAN
 ip address x.x.x.x 255.255.255.240
!
interface Vlan3
 description Private VLAN
 ip address 172.16.0.1 255.255.255.0
 ip helper-address x.x.x.x
 ip nat inside
!
interface Vlan4
 description Work VLAN
 ip address 10.0.10.1 255.255.255.0
 ip helper-address x.x.x.x
 ip nat inside
!
interface Vlan5
 description Uni Live VLAN
 ip address 192.168.100.1 255.255.255.0
 ip helper-address x.x.x.x
 ip nat inside
!
! PPoA
interface Dialer0
 description outside world
 ip address negotiated
 ip nat outside
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 no ip directed-broadcast
 no ip proxy-arp
 no ip mask-reply
 ip access-group inbound_firewall in
 ip access-group outbound_firewall out
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname xxx@xxx
 ppp chap password 0 xxxxxx
 no cdp enable
!
! default route
ip route 0.0.0.0 0.0.0.0 Dialer0
!
! NAT access list - allow any local addresses
dialer-list 1 protocol ip permit
access-list 1 permit 172.16.0.0 0.15.255.255
access-list 1 permit 10.0.10.0 0.255.255.255
access-list 1 permit 192.168.100.0 0.0.255.255
ip nat inside source list 1 interface Dialer0 overload
!
no ip access-list extended inbound_firewall
ip access-list extended inbound_firewall
!
! filter out the crud
 remark deny own range
 deny ip x.x.x.x 0.0.0.15 any
 remark deny spoof addresses
 deny ip 127.0.0.0 0.255.255.255 any
 deny ip 192.0.2.0 0.0.0.255 any
 deny ip 224.0.0.0 31.255.255.255 any
 deny ip host 255.255.255.255 any
 deny ip host 0.0.0.0 any
 remark deny non-routables
 deny ip 10.0.0.0 0.255.255.255 any
 deny ip 172.16.0.0 0.15.255.255 any
 deny ip 192.168.0.0 0.0.255.255 any
!
 remark icmp traffic
 permit icmp any any echo-reply
 permit icmp any any unreachable
 permit icmp any any time-exceeded
 deny icmp any any
 remark allow established
 permit tcp any x.x.x.x 0.0.0.15 established
 permit udp any range 1 1023 x.x.x.x 0.0.0.15 gt 1023
 permit udp any gt 1023 x.x.x.x 0.0.0.15 gt 1023
!
 deny ip any any
!
!
no ip access-list extended outbound_firewall
ip access-list extended outbound_firewall
!
 remark allow own range
 permit ip x.x.x.x 0.0.0.15 any
!
 remark block any other traffic
 deny ip any any
!
!
no ip http server
no ip http secure-server
!
snmp-server community xxx RW
snmp-server community xxx RO
snmp-server location Loft Cab
snmp-server contact Steven Carr
!
banner login ^

Unauthorised access prohibited - all access and commands are logged.

^
!
line con 0
 login local
 session-timeout 10
line vty 0 4
 login local
 session-timeout 10
 transport input ssh
!
end

Steven Carr

OK, I've tried with a local pool, but if I create a new VLAN, give it an IP address and point the virtual template to it, nothing happens. The VLAN itself doesn't appear to come active, I can't ping the VLAN's gateway and the "show int status" shows it as down.

The second thing is I can't seem to get it to work through the firewall. Well, that is, the connection comes up and I can access anything on the networks behind the router, so all of my private addresses etc., but I can't get anything from the internet, so I am unable to come in over the VPN and route externally. The client has the gateway set as the VLAN's IP address, but there is no subnet mask set? Not sure if that is needed.

Below is the firewall config; can anyone see anything wrong?

no ip access-list extended inbound_firewall
ip access-list extended inbound_firewall
!
! filter out the crud
 remark deny own range
 deny ip 82.71.110.224 0.0.0.15 any
 remark deny spoof addresses
 deny ip 127.0.0.0 0.255.255.255 any
 deny ip 192.0.2.0 0.0.0.255 any
 deny ip 224.0.0.0 31.255.255.255 any
 deny ip host 255.255.255.255 any
 deny ip host 0.0.0.0 any
 remark deny non-routables
 deny ip 10.0.0.0 0.255.255.255 any
 deny ip 172.16.0.0 0.15.255.255 any
 deny ip 192.168.0.0 0.0.255.255 any
!
 remark icmp traffic
 permit icmp any any echo-reply
 permit icmp any any unreachable
 permit icmp any any time-exceeded
 deny icmp any any
 remark allow established
 permit tcp any 82.71.110.224 0.0.0.15 established
 permit udp any range 1 1023 82.71.110.224 0.0.0.15 gt 1023
 permit udp any gt 1023 82.71.110.224 0.0.0.15 gt 1023
!
 remark net-gw.dunelm.gpf.me.uk
 remark PPTP VPN
 permit tcp any host 82.71.110.238 eq 1723
 permit gre any host 82.71.110.238
!
 remark block any other traffic
 deny udp any any eq 53
 deny tcp any any eq 53
 deny ip any any
!
!
no ip access-list extended outbound_firewall
ip access-list extended outbound_firewall
!
 remark allow own range
 permit ip 82.71.110.224 0.0.0.15 any
!
 remark block any other traffic
 deny ip any any
!
!

Ste

Steven Carr
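
An added example, not part of the original thread: a small first-match evaluator run over the inbound_firewall entries from the post above, for checking which entry a given inbound packet hits. It models only the keywords this ACL uses (any/host/wildcard, eq/gt/range, established, ICMP type names); the function names and the packet dictionary keys (proto, src, dst, sport, dport, ack_or_rst, icmp_type) are assumptions of the example.

```python
import ipaddress

# inbound_firewall entries in the order posted above (remarks and "!" lines dropped).
ACL = """\
deny ip 82.71.110.224 0.0.0.15 any
deny ip 127.0.0.0 0.255.255.255 any
deny ip 192.0.2.0 0.0.0.255 any
deny ip 224.0.0.0 31.255.255.255 any
deny ip host 255.255.255.255 any
deny ip host 0.0.0.0 any
deny ip 10.0.0.0 0.255.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.168.0.0 0.0.255.255 any
permit icmp any any echo-reply
permit icmp any any unreachable
permit icmp any any time-exceeded
deny icmp any any
permit tcp any 82.71.110.224 0.0.0.15 established
permit udp any range 1 1023 82.71.110.224 0.0.0.15 gt 1023
permit udp any gt 1023 82.71.110.224 0.0.0.15 gt 1023
permit tcp any host 82.71.110.238 eq 1723
permit gre any host 82.71.110.238
deny udp any any eq 53
deny tcp any any eq 53
deny ip any any
"""

def ip(s): return int(ipaddress.IPv4Address(s))
def take_addr(t):  # 'any' | 'host A' | 'A WILDCARD' -> (address, wildcard)
    a = t.pop(0)
    if a == "any": return 0, 0xFFFFFFFF
    return (ip(t.pop(0)), 0) if a == "host" else (ip(a), ip(t.pop(0)))

def take_port(t):  # optional 'eq N' | 'gt N' | 'range A B' -> inclusive (lo, hi)
    if not t or t[0] not in ("eq", "gt", "range"): return 0, 65535
    op, n = t.pop(0), int(t.pop(0))
    return {"eq": (n, n), "gt": (n + 1, 65535)}.get(op) or (n, int(t.pop(0)))

def first_match(pkt):  # entries are tested top-down; the first match decides
    for line in ACL.splitlines():
        t = line.split()
        action, proto = t.pop(0), t.pop(0)
        (sn, sw), sp, (dn, dw), dp = take_addr(t), take_port(t), take_addr(t), take_port(t)
        if proto not in ("ip", pkt["proto"]): continue
        if (ip(pkt["src"]) ^ sn) & ~sw or (ip(pkt["dst"]) ^ dn) & ~dw: continue  # wildcard 1-bits are don't-care
        if proto in ("tcp", "udp") and not (sp[0] <= pkt["sport"] <= sp[1] and dp[0] <= pkt["dport"] <= dp[1]): continue
        if "established" in t and not pkt.get("ack_or_rst"): continue
        if proto == "icmp" and t and t[0] != pkt.get("icmp_type"): continue
        return action, line
    return "deny", "(implicit deny)"
```

For instance, `first_match({"proto": "gre", "src": "203.0.113.9", "dst": "82.71.110.238"})` (a constructed packet from a documentation-range address) returns the `permit gre any host 82.71.110.238` entry.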

Steve, dump the HTML posting. You'll get a lot more help. Most of the regulars won't open them.

Brian V

Not sure where you get the idea that I use HTML email from? My emails are OpenPGP signed. Check the raw message content in future.

Steve

Steven Carr
