Hi,
I've been struggling with this for a long while. I've done tons of searches and haven't found a way to solve this. I've even read all the Cisco documentation on VPDNs, but found no help on this particular issue.
This is my issue:
I have this Cisco 836 providing NAT for all the internal networks. Everything is working fine. I also have a VPN that is working normally for the internal networks only. A client connected to the VPN can access the internal network without problems.
However, the VPN users can't access the internet and I have no idea where the packets are being dropped. I really wanted the VPN network to be NATed to the outside, just like any other internal network.
I even tried to route the VPN network to another router on the internal network, but the default GW didn't change on the client side.
This is the current config:
c836# show running-config
Building configuration...

Current configuration : 10291 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname c836
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$Z98Y$LdV8s.N4ptl1VtFSITBtE.
!
no aaa new-model
no ip source-route
!
!
no ip dhcp use vrf connected
!
ip dhcp pool VPNPOOL
 network 172.19.0.0 255.255.0.0
 domain-name vpn.lan
 dns-server 192.168.1.253
 default-router 192.168.200.2
 lease 30
!
!
no ip cef
ip name-server 212.18.160.133
no ip bootp server
vpdn enable
!
vpdn-group 1
! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1
!
!
isdn switch-type basic-net3
!
!
username admin privilege 15 secret 5 XXXXXXXXXXXXXXXXXXXXXXXXX
username USER password 7 XXXXXXXXXXXXXXXXX
!
!
!
!
!
interface Ethernet0
 description --- 10Mbps connection to LAN ---
 ip address 172.16.0.1 255.255.0.0
 ip access-group 112 in
 ip nat inside
 ip virtual-reassembly
 no cdp enable
!
interface Ethernet2
 description --- Connection to Cisco 877 ---
 ip address 192.168.200.1 255.255.255.0
 ip access-group 112 in
 ip nat inside
 ip virtual-reassembly
 no cdp enable
!
interface BRI0
 no ip address
 encapsulation hdlc
 isdn switch-type basic-net3
 isdn point-to-point-setup
!
interface ATM0
 no ip address
 atm vc-per-vp 64
 no atm ilmi-keepalive
 dsl operating-mode etsi
 pvc 0/35
  pppoe-client dial-pool-number 1
 !
!
interface FastEthernet1
 duplex auto
 speed auto
!
interface FastEthernet2
 duplex auto
 speed auto
!
interface FastEthernet3
 duplex auto
 speed auto
!
interface FastEthernet4
 duplex auto
 speed auto
!
interface Virtual-Template1
 description --- PPTP VPN access interface ---
 ip unnumbered Ethernet2
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 peer default ip address dhcp-pool VPNPOOL
 no keepalive
 ppp encrypt mppe 128
 ppp authentication ms-chap-v2
!
interface Dialer1
 ip address negotiated
 ip access-group FROMINET in
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer remote-name VDF
 dialer-group 1
 no cdp enable
 ppp authentication pap chap callin
 ppp chap hostname XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 ppp chap password 7 XXXXXXXXXXXXXXXXXX
 ppp pap sent-username XXXXXXXXXXXXXXXXXXXXXX password 7 XXXXXXXXXXXXXXXXXXXX
!
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 172.18.0.0 255.255.0.0 192.168.200.2
ip route 192.168.1.0 255.255.255.0 192.168.200.2
ip route 192.168.2.0 255.255.255.0 192.168.200.2
ip route 192.168.3.0 255.255.255.0 192.168.200.2
!
no ip http server
no ip http secure-server
!
no ip nat service sip udp port 5060
ip nat inside source route-map NAT interface Dialer1 overload
ip nat inside source static tcp 192.168.3.10 80 x.y.z.106 25 extendable
ip nat inside source static tcp 192.168.1.253 80 x.y.z.106 80 extendable
ip nat inside source static tcp 192.168.1.253 80 z.y.z.106 443 extendable
!
!
ip access-list extended FROMINET
 remark Filter Traffic from INET
 permit ip any any
 permit gre any any
!
ip access-list extended INTERNAL
 permit ip 192.168.0.0 0.0.255.255 any
 permit ip 172.18.0.0 0.0.255.255 any
 permit ip 172.19.0.0 0.0.255.255 any
!
access-list 112 permit tcp host 192.168.3.10 any eq smtp
access-list 112 deny tcp any any eq smtp
access-list 112 permit ip any any
no cdp run
!
route-map NAT permit 10
 match ip address INTERNAL
!
!
control-plane
!
!
line con 0
 exec-timeout 120 0
 login local
 no modem enable
 stopbits 1
line aux 0
line vty 0 4
 access-class 23 in
 exec-timeout 120 0
 login local
 length 0
line vty 5 15
 privilege level 15
 login
 transport input telnet
!
scheduler max-task-time 5000
no rcapi server
!
!
end

Connected client info:
PPP adapter VPN:

   Connection-specific DNS Suffix  . : vpn.lan
   Description . . . . . . . . . . . : VPN
   Physical Address. . . . . . . . . :
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 172.19.0.5(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . : 0.0.0.0
   DNS Servers . . . . . . . . . . . : 192.168.1.253
                                       212.18.160.133
   NetBIOS over Tcpip. . . . . . . . : Enabled

Any tips?