cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
633
Views
5
Helpful
10
Replies

Internet problem

omar.elmohri
Level 1
Level 1

I want to explain a problem that I encounter during branche router installation with VPN.

I configured the router with PPPoE and Internet connection (when pinging all is OK), Next with VPN, the tunnel is perfect.

Until now at level 3 (IP connection) all working right.

But, using this configuration, only one computer can access all web pages, other computer access only google.com and few others (note that one computer can access all).

First thinking of VPN connection problem, I did only NAT to see... same problem.

Next, tried to connect directely a computer to the router to see if the switch causes the problem... same problem.

Tried also to use completely other router... and the problem still the same.

Noting that when doing PPPoE using one computer and sharing the Internet, all computers access Internet with no problem!!!

Now, I tried to do static NAT, and already for one computer it's OK for the others no connection...means the same problem.

Any Idea ???

If the ISP cause problem, why when sharing with a computer all works fine ??

Good ideas will be rated.

10 Replies 10

andrew.prince
Level 10
Level 10

You need to check your NAT configuration for the inside LAN to the outside Internet.

HTH>

NAT is working correctely:

Inside, and outside

and using overloading on the Dialer PPPeO interface.

Plz note that only one computer is connecting (always the same one).

Regards

Please post the config for review.

Here is the configuration :

ip dhcp pool vlan110

network 192.168.110.0 255.255.255.0

default-router 192.168.110.250

domain-name ctc-centre.dz

dns-server 192.168.0.7 193.251.169.165 80.249.75.23

bba-group pppoe global

interface FastEthernet0/0

description CONNECTED TO ADSL CONNECTION

no ip address

duplex half

speed auto

pppoe enable group global

pppoe-client dial-pool-number 1

interface FastEthernet0/1

ip address 192.168.110.250 255.255.255.0

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

!

interface Dialer1

ip address negotiated

ip mtu 1492

ip nat outside

ip virtual-reassembly

encapsulation ppp

dialer pool 1

dialer-group 1

ppp authentication chap callin

ppp chap hostname 565487

ppp chap password 0 oucherif

ppp pap sent-username 565487 password 0 oucherif

ip nat inside source list 1 interface Dialer1 overload

Regards,

Omar

I am puzzled. Your original post discussed a problem using VPN. But the configuration information that you post has absolutely nothing in it about VPN. Has the problem changed and now it is not about VPN? If it is still about VPN then where is the VPN information?

HTH

Rick

HTH

Rick

Hello,

Sorry for my bad explain, my problem is not the VPN, but the Internet access.

As I said, my VPN is working correctely but to well thinking about this problem, I prefer don't talk about VPN but just to say that using my internet connection, only one computer can access internet, and others only some few sites.. and what's strange that all computer can ping and resolve DNS for any website (pings passes but HTTP requests give nothing).

Regards,

Can you post your ACL 1 config and your acl for your crypto map? You need to permit the local subnet access out to any but deny any traffic that needs to go over the vpn tunnel.

--John

HTH, John *** Please rate all useful posts ***

VPN ACL

permit 192.168.110.0/24 192.168.0.0/16

NAT ACL

deny any 192.168.0.0/16

permit any any

I made tests without VPN and only a permit any for the NAT ACL and it gives the same problem.

I've seen similar due to TCP segment size.

Try the command "ip tcp adjust-mss 1452" under the wan interface.

Hope this helps.

Yes this was the problem!

Thanks you much,

Regards,

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: