PPTP Routing Cisco 1841

Hi,

Can someone tell me where I've gone wrong here? I've a PPTP connection for my Windows laptops working: they connect and authenticate, and they even pick up an IP.

They can also ping the LAN address of the router, but they can't see anything else on the LAN, not printer or server. I can't ping anything other than the router. Any ideas?

aaa new-model
!
!
aaa authentication ppp default group radius local
aaa authorization network default if-authenticated
!
aaa session-id common
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
ip inspect name firewall tcp
ip inspect name firewall udp
ip inspect name firewall cuseeme
ip inspect name firewall h323
ip inspect name firewall rcmd
ip inspect name firewall realaudio
ip inspect name firewall streamworks
ip inspect name firewall vdolive
ip inspect name firewall sqlnet
ip inspect name firewall tftp
ip inspect name firewall ftp
ip inspect name firewall icmp
ip inspect name firewall sip
ip inspect name firewall esmtp max-data 52428800
ip inspect name firewall fragment maximum 256 timeout 1
ip inspect name firewall netshow
ip inspect name firewall pptp
ip inspect name firewall rtsp
ip inspect name firewall skinny
no ip dhcp use vrf connected
ip dhcp excluded-address 10.0.80.1 10.0.80.99
ip dhcp excluded-address 10.0.80.201 10.0.80.254
!
ip dhcp pool COMPANYPOOL
 network 10.0.80.0 255.255.255.0
 default-router 10.0.80.254
 domain-name arbiter2.local
 dns-server 10.0.80.1 195.184.229.229
 netbios-name-server 10.0.80.1
 netbios-node-type h-node
 lease 1 4
!
!
no ip ips deny-action ips-interface
ip domain name vsure.net
ip sla monitor 1
 type echo protocol ipIcmpEcho 135.196.64.132
 timeout 1000
 threshold 2
 frequency 3
ip sla monitor schedule 1 life forever start-time now
!
vpdn enable
vpdn logging
vpdn logging user
vpdn logging tunnel-drop
vpdn ip udp ignore checksum
!
vpdn-group PPTPGroup
! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 10
!
!
!
!
!
!
!
track 123 rtr 1 reachability
!
!
!
!
interface FastEthernet0/0
 description VSure Server LAN
 ip address 10.0.80.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
 no ip mroute-cache
 duplex auto
 speed auto
 hold-queue 100 out
!
interface FastEthernet0/1
 description connected to Network
 ip address 10.0.60.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
 no ip mroute-cache
 shutdown
 duplex auto
 speed auto
 hold-queue 100 out
!
interface ATM0/0/0
 no ip address
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
 no ip mroute-cache
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0/0/0.1 point-to-point
 ip nat outside
 ip virtual-reassembly
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface ATM0/1/0
 no ip address
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
 no ip mroute-cache
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0/1/0.1 point-to-point
 ip nat outside
 ip virtual-reassembly
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 2
 !
!
interface Virtual-Template10
 ip unnumbered FastEthernet0/0
 ip virtual-reassembly
 ip mroute-cache
 peer default ip address pool vpnpool
 ppp encrypt mppe 128 passive
 ppp authentication ms-chap ms-chap-v2
!
interface Dialer0
 description primary-link
 ip address negotiated
 ip access-group 101 in
 ip mtu 1492
 ip inspect firewall out
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 no ip route-cache cef
 no ip route-cache
 ip tcp adjust-mss 1452
 no ip mroute-cache
 dialer pool 1
 dialer remote-name redback
 dialer-group 1
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname
 ppp chap password
 ppp ipcp dns request
 hold-queue 224 in
!
interface Dialer1
 description backup-link
 ip address negotiated
 ip access-group 101 in
 no ip redirects
 no ip unreachables
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 no ip route-cache cef
 no ip route-cache
 no ip mroute-cache
 dialer pool 2
 dialer-group 2
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname
 ppp chap password
 ppp ipcp dns request
!
!
ip local policy route-map MY-LOCAL-POLICY
ip local pool vpnpool 10.0.80.230 10.0.80.250
ip classless
ip route 0.0.0.0 0.0.0.0 135.196.xxx.xxx track 123
ip route 0.0.0.0 0.0.0.0 82.153.xxx.xxx 254
ip route 10.0.80.0 255.255.255.0 FastEthernet0/0
!
no ip http server
no ip http secure-server
ip nat inside source list 105 interface Dialer0 overload
ip nat inside source list 106 interface Dialer1 overload
!
!
access-list 103 permit icmp any host 135.196.xxx.xxx echo
access-list 105 remark Traffic to NAT
access-list 105 deny ip 10.0.80.0 0.0.0.255 10.0.80.0 0.0.0.255
access-list 105 permit ip 10.0.80.0 0.0.0.255 any
access-list 106 deny ip 10.0.80.0 0.0.0.255 10.0.80.0 0.0.0.255
access-list 106 permit ip 10.0.80.0 0.0.0.255 any
dialer-list 1 protocol ip permit
snmp-server community public RO
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps tty
!
radius-server host 10.0.80.1 auth-port 1812 acct-port 1813 key 7 0505071B2040470C
radius-server vsa send accounting
radius-server vsa send authentication
!
control-plane
!
!
johnedwardhall

I don't understand why you have the following route:

ip route 10.0.80.0 255.255.255.0 FastEthernet0/0

That is the local connected subnet, isn't it? I could understand that you may need routes for the vpnpool addresses to the WAN, but not the above.

On the whole isn't it better to use a pool of addresses that is different to the local LAN?

I am thinking it may be an arp issue ... if you try to ping a vpn client from a server/pc on the LAN & while debugging arp on the router, do you see the request & does the router reply? If you do an 'arp -a' on the server on the LAN does the mac address for the client address correspond to that of Fa0/0?

Also, I don't think it is doing any harm, but you appear to have 'ip nat inside' on the physical ATM interfaces, and then the outside on the sub-interfaces which could be confusing. I'm not sure you need it on the atm interface at all - being on the dialer alone may suffice.

Al
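
The two things this reply questions can be checked mechanically: a VPN pool drawn from the LAN subnet (LAN hosts then ARP for the client address and depend on the router answering on Fa0/0) and a static route for a subnet that is already connected. The script below is an added example, not part of the original thread; its function names and the trimmed config excerpt are constructed for illustration.

```python
import ipaddress
import re

# Constructed excerpt of the configuration posted in the question above.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 10.0.80.254 255.255.255.0
interface FastEthernet0/1
 ip address 10.0.60.1 255.255.255.0
interface Virtual-Template10
 ip unnumbered FastEthernet0/0
 peer default ip address pool vpnpool
ip local pool vpnpool 10.0.80.230 10.0.80.250
ip route 0.0.0.0 0.0.0.0 135.196.xxx.xxx track 123
ip route 10.0.80.0 255.255.255.0 FastEthernet0/0
"""

def connected_networks(config):
    """Map interface name -> IPv4 network from its 'ip address A M' line."""
    pat = r"^interface (\S+)\n(?:^ .*\n)*?^ ip address (\d\S+) (\d\S+)"
    return {m.group(1): ipaddress.ip_interface(f"{m.group(2)}/{m.group(3)}").network
            for m in re.finditer(pat, config, re.M)}

def pools_inside_lan(config):
    """Return (pool, interface, network) for each local pool inside a connected subnet."""
    hits = []
    for m in re.finditer(r"^ip local pool (\S+) (\S+) (\S+)", config, re.M):
        lo, hi = ipaddress.ip_address(m.group(2)), ipaddress.ip_address(m.group(3))
        for iface, net in connected_networks(config).items():
            if lo in net or hi in net:
                hits.append((m.group(1), iface, str(net)))
    return hits

def static_routes_for_connected(config):
    """Return (prefix, target) for static routes that duplicate a connected subnet."""
    nets = set(connected_networks(config).values())
    hits = []
    for m in re.finditer(r"^ip route (\S+) (\S+) (\S+)", config, re.M):
        try:
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
        except ValueError:  # e.g. 'ip route vrf ...' or host bits set
            continue
        if net in nets:
            hits.append((str(net), m.group(3)))
    return hits

if __name__ == "__main__":
    print(pools_inside_lan(SAMPLE_CONFIG), static_routes_for_connected(SAMPLE_CONFIG))
```

A non-empty result from `pools_inside_lan` is the case where the `debug arp` and `arp -a` checks suggested above are worth running.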

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.