Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Internet Access through VPN 3005

Hi

we have recently deployed one VPN 3005 Concentrator at the central site and the dialup remote users are able to establish the IPSEC tunnel to the central site.But after putting the concentrator in after my router my internal users are not able to access the internet.This is directly connected to the router with a cross cable.I also tried to enable NAT on private and public interfaces on the 3005 and I am able to ping any public IP from my internal network but can access any HTTP or web server.

My remote dialup users are also not able to access the internet while talking to the VPN concentrator.Pls help

sanjay sangwan

3 REPLIES
Silver

Re: Internet Access through VPN 3005

Are you assigning them a dns server when you allocate them an ip? from a command prompt, when you ping www.cnn.com, do you get an unknown host message, or ping failures (cnn.com blocks ping, but you should be able to resolve its hostname to an ip address).

Is your topology a multiple interfaced router, with one int. being outside, one inside, and one connected to the vpn3005? Are you doing nat on the router? Any ACLS on the router?

New Member

Re: Internet Access through VPN 3005

NO I am not using any nat on router .The serial and E0 interfaces are configured on ISP public IP addresses. E0 of router is directly connected with a cross cable to the VPN 3005 which in turn connected to the LAN Switch.

Router has only one ethernet interface.

I am not using any acl at the router.

My internal users should access the internet through the VPN 3005.Can it be possible.

sanjay

Cisco Employee

Re: Internet Access through VPN 3005

You need ot make sure you remove the Public filter off the Public interface. By default only encrypted-type traffic and ICMP is allowed in on this interface, if you have standard traffic going out and then coming back in, you need to put the Private filter on or put no filter on it at all.

Keep in mind that taking this filter off will mean that outside users can HTTP to your 3005, so make sure you have a good password or better yet, set up the Access Control under Administration so that only your inside users can browse to it.

104
Views
0
Helpful
3
Replies
CreatePlease login to create content