PPTP client not able to browse internet without split tunneling

Dec 26th, 2007

Hi all,

I want to configure an 871 router to act as a PPTP server, but the PPTP client (Windows XP) should be able to access the Internet through the tunnel, and not with "split tunneling" (it means all traffic coming out from the Windows client should be tunneled).

In the PPTP client, I have checked the option "use default gateway on remote network" in TCP/IP properties, because the client should NOT access the Internet directly. I am able to establish the PPTP connection and access computers behind the 871, but it is not possible to browse the Internet.

I have configured the router like this:

vpdn-group 1
 protocol pptp
 virtual-template 1

interface Vlan1
 ip address
 ip nat inside

interface Virtual-Template1
 ip address
 peer default ip address pool Pool-For-Vpn-Client
 ppp authentication chap ms-chap

ip local pool Pool-For-Vpn-Client

ip nat inside source list 100 interface FastEthernet4 overload

access-list 100 deny ip
access-list 100 permit ip any

The target is to tunnel all the traffic as if the PPTP client is in the LAN behind the 871. Unfortunately, the only solution is to do the split tunneling by allowing the PPTP client to uncheck the "use default gateway on remote network" option, which is not what I want :-)

Any ideas? I saw a lot of things on some newsgroups but they all want the opposite (VPN access, and Internet access but not through the VPN tunnel).



zshadowcisco Sat, 12/29/2007 - 08:06

OK, I found the solution myself:

Because the client is connected to Virtual-Template1, I also have to add "ip nat inside" to Virtual-Template1, and "access-list 100 permit ip any" to enable the NAT translation for packets coming from the VPN clients :-)

It was so obvious!
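
The missing "ip nat inside" described in the reply above can be checked for mechanically. This is an added example, not part of the original thread or the poster's configuration: a small Python check that reads an IOS-style config and reports any Virtual-Template interface referenced by a vpdn-group that lacks "ip nat inside" while a NAT overload rule is present. The sample config, its IP addresses and the function names are constructed for illustration, and the check does not cover the ACL 100 entry for the VPN pool.

```python
import re

# Constructed sample: addresses are placeholders, not values from the thread.
SAMPLE_BEFORE = """\
vpdn-group 1
 protocol pptp
 virtual-template 1
!
interface Vlan1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface Virtual-Template1
 ip address 192.168.2.1 255.255.255.0
 peer default ip address pool Pool-For-Vpn-Client
 ppp authentication chap ms-chap
!
ip nat inside source list 100 interface FastEthernet4 overload
"""
# Same config with the fix from the reply applied to the virtual template.
SAMPLE_AFTER = SAMPLE_BEFORE.replace(
    "interface Virtual-Template1\n", "interface Virtual-Template1\n ip nat inside\n")

def interface_blocks(config):
    """Map each interface name to the list of its (stripped) sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = blocks.setdefault(m.group(1), [])
        elif line[:1].isspace() and current is not None:
            current.append(line.strip())
        else:
            current = None  # any other top-level line ends the block
    return blocks

def vpn_templates_missing_nat(config):
    """Virtual-Templates used by a vpdn-group that lack 'ip nat inside'."""
    if not re.search(r"^ip nat inside source ", config, re.M):
        return []  # no NAT rule configured, so nothing to translate
    blocks = interface_blocks(config)
    nums = re.findall(r"^\s+virtual-template (\d+)\s*$", config, re.M)
    names = [f"Virtual-Template{n}" for n in dict.fromkeys(nums)]
    return [n for n in names if "ip nat inside" not in blocks.get(n, [])]

if __name__ == "__main__":
    print("before fix:", vpn_templates_missing_nat(SAMPLE_BEFORE))
    print("after fix: ", vpn_templates_missing_nat(SAMPLE_AFTER))
```
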
