Internet problem

Unanswered Question
Oct 23rd, 2008

I want to explain a problem that I encounter during branche router installation with VPN.

I configured the router with PPPoE and Internet connection (when pinging all is OK), Next with VPN, the tunnel is perfect.

Until now at level 3 (IP connection) all working right.

But, using this configuration, only one computer can access all web pages, other computer access only and few others (note that one computer can access all).

First thinking of VPN connection problem, I did only NAT to see... same problem.

Next, tried to connect directely a computer to the router to see if the switch causes the problem... same problem.

Tried also to use completely other router... and the problem still the same.

Noting that when doing PPPoE using one computer and sharing the Internet, all computers access Internet with no problem!!!

Now, I tried to do static NAT, and already for one computer it's OK for the others no connection...means the same problem.

Any Idea ???

If the ISP cause problem, why when sharing with a computer all works fine ??

Good ideas will be rated.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
omar.elmohri Thu, 10/23/2008 - 02:39

NAT is working correctely:

Inside, and outside

and using overloading on the Dialer PPPeO interface.

Plz note that only one computer is connecting (always the same one).


omar.elmohri Thu, 10/23/2008 - 05:59

Here is the configuration :

ip dhcp pool vlan110





bba-group pppoe global

interface FastEthernet0/0


no ip address

duplex half

speed auto

pppoe enable group global

pppoe-client dial-pool-number 1

interface FastEthernet0/1

ip address

ip nat inside

ip virtual-reassembly

duplex auto

speed auto


interface Dialer1

ip address negotiated

ip mtu 1492

ip nat outside

ip virtual-reassembly

encapsulation ppp

dialer pool 1

dialer-group 1

ppp authentication chap callin

ppp chap hostname 565487

ppp chap password 0 oucherif

ppp pap sent-username 565487 password 0 oucherif

ip nat inside source list 1 interface Dialer1 overload


Richard Burts Thu, 10/23/2008 - 06:15


I am puzzled. Your original post discussed a problem using VPN. But the configuration information that you post has absolutely nothing in it about VPN. Has the problem changed and now it is not about VPN? If it is still about VPN then where is the VPN information?



omar.elmohri Wed, 10/29/2008 - 03:33


Sorry for my bad explain, my problem is not the VPN, but the Internet access.

As I said, my VPN is working correctely but to well thinking about this problem, I prefer don't talk about VPN but just to say that using my internet connection, only one computer can access internet, and others only some few sites.. and what's strange that all computer can ping and resolve DNS for any website (pings passes but HTTP requests give nothing).


John Blakley Wed, 10/29/2008 - 06:49

Can you post your ACL 1 config and your acl for your crypto map? You need to permit the local subnet access out to any but deny any traffic that needs to go over the vpn tunnel.


omar.elmohri Wed, 10/29/2008 - 07:52




deny any

permit any any

I made tests without VPN and only a permit any for the NAT ACL and it gives the same problem.

rmcarthur Fri, 10/31/2008 - 01:42

I've seen similar due to TCP segment size.

Try the command "ip tcp adjust-mss 1452" under the wan interface.

Hope this helps.


This Discussion