10-23-2008 01:45 AM - edited 03-06-2019 02:05 AM
I want to explain a problem that I encountered during a branch router installation with VPN.
I configured the router with PPPoE and Internet connection (when pinging, all is OK), then with VPN; the tunnel is perfect.
Up to this point, at level 3 (IP connection), everything is working right.
But, using this configuration, only one computer can access all web pages; the other computers can access only google.com and a few others (note that one computer can access all).
First thinking it was a VPN connection problem, I did only NAT to see... same problem.
Next, I tried connecting a computer directly to the router to see if the switch causes the problem... same problem.
I also tried using a completely different router... and the problem is still the same.
Note that when doing PPPoE using one computer and sharing the Internet, all computers access the Internet with no problem!!!
Now I tried static NAT, and again it's OK for one computer and the others have no connection... meaning the same problem.
Any idea???
If the ISP causes the problem, why does everything work fine when sharing with a computer??
Good ideas will be rated.
10-23-2008 02:11 AM
You need to check your NAT configuration for the inside LAN to the outside Internet.
HTH
10-23-2008 02:39 AM
NAT is working correctly:
Inside, and outside
and using overloading on the Dialer PPPoE interface.
Please note that only one computer is connecting (always the same one).
Regards
10-23-2008 02:41 AM
Please post the config for review.
10-23-2008 05:59 AM
Here is the configuration :
ip dhcp pool vlan110
 network 192.168.110.0 255.255.255.0
 default-router 192.168.110.250
 domain-name ctc-centre.dz
 dns-server 192.168.0.7 193.251.169.165 80.249.75.23
!
bba-group pppoe global
!
interface FastEthernet0/0
 description CONNECTED TO ADSL CONNECTION
 no ip address
 duplex half
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
interface FastEthernet0/1
 ip address 192.168.110.250 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface Dialer1
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname 565487
 ppp chap password 0 oucherif
 ppp pap sent-username 565487 password 0 oucherif
!
ip nat inside source list 1 interface Dialer1 overload
Regards,
10-23-2008 06:15 AM
Omar
I am puzzled. Your original post discussed a problem using VPN. But the configuration information that you post has absolutely nothing in it about VPN. Has the problem changed and now it is not about VPN? If it is still about VPN then where is the VPN information?
HTH
Rick
10-29-2008 03:33 AM
Hello,
Sorry for my bad explanation; my problem is not the VPN, but the Internet access.
As I said, my VPN is working correctly, but to think clearly about this problem, I prefer not to talk about the VPN and just say that, using my Internet connection, only one computer can access the Internet, and the others only a few sites. What's strange is that all computers can ping and resolve DNS for any website (pings pass but HTTP requests give nothing).
Regards,
10-29-2008 06:49 AM
Can you post your ACL 1 config and your acl for your crypto map? You need to permit the local subnet access out to any but deny any traffic that needs to go over the vpn tunnel.
--John
10-29-2008 07:52 AM
VPN ACL
permit 192.168.110.0/24 192.168.0.0/16
NAT ACL
deny any 192.168.0.0/16
permit any any
I made tests without VPN and only a permit any for the NAT ACL and it gives the same problem.
10-31-2008 01:42 AM
I've seen similar due to TCP segment size.
Try the command "ip tcp adjust-mss 1452" under the wan interface.
Hope this helps.
11-17-2008 12:26 AM
Yes this was the problem!
Thank you very much,
Regards,
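What the suggested "ip tcp adjust-mss 1452" does to each new connection, as an added example that is not part of the original thread and not Cisco's implementation: Python code that lowers the MSS option of a TCP SYN to 1452 (the 1492-byte PPPoE MTU from the posted config minus 40 bytes of IPv4 and TCP headers) and recomputes the checksum, so the remote server never sends segments too large for the PPPoE link. The sample SYN, its ports and all function names are constructed for illustration.

```python
import socket
import struct

PPPOE_MTU = 1492             # "ip mtu 1492" on Dialer1 in the posted config
CLAMP = PPPOE_MTU - 20 - 20  # minus IPv4 and TCP headers (no options) = 1452

def tcp_checksum(src, dst, seg):
    """RFC 1071 checksum over the IPv4 pseudo-header plus the TCP segment."""
    data = src + dst + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(seg)) + seg
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_syn(src, dst, mss):
    """Constructed sample SYN: 20-byte header, then NOP, NOP, SACK-permitted, MSS."""
    opts = b"\x01\x01\x04\x02" + struct.pack("!BBH", 2, 4, mss)
    seg = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 7 << 4, 0x02, 65535, 0, 0) + opts
    return seg[:16] + struct.pack("!H", tcp_checksum(src, dst, seg)) + seg[18:]

def find_mss(seg):
    """Return the offset of the 16-bit MSS value in the options, or None."""
    i, end = 20, min((seg[12] >> 4) * 4, len(seg))
    while i < end and seg[i] != 0:           # kind 0 ends the option list
        if seg[i] == 1:                      # NOP is a single byte
            i += 1
            continue
        if i + 1 >= end or seg[i + 1] < 2 or i + seg[i + 1] > end:
            return None                      # malformed option: leave segment alone
        if seg[i] == 2 and seg[i + 1] == 4:  # kind 2, length 4 is the MSS option
            return i + 2
        i += seg[i + 1]
    return None

def clamp_mss(src, dst, seg, limit=CLAMP):
    """Lower the MSS of a SYN or SYN-ACK to `limit`; pass everything else through."""
    if len(seg) < 20 or not seg[13] & 0x02:  # only segments with the SYN flag carry MSS
        return seg
    off = find_mss(seg)
    if off is None or struct.unpack_from("!H", seg, off)[0] <= limit:
        return seg
    out = bytearray(seg)
    struct.pack_into("!H", out, off, limit)
    out[16:18] = b"\x00\x00"                 # zero the checksum field before recomputing
    struct.pack_into("!H", out, 16, tcp_checksum(src, dst, bytes(out)))
    return bytes(out)
```

A LAN host on plain Ethernet advertises an MSS of 1460; without the clamp, full-size replies exceed the 1492-byte link, which matches the symptom reported in the thread where pings and DNS work but HTTP requests return nothing.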