PPTP client not able to browse internet without split tunneling
I want to configure a 871 router to act as a PPTP server, but the PPTP client (win xp) should be able to access the Internet through the tunnel, and not with "split tunneling" (it means all traffic coming out from the windows client should be tunneled).
In the PPTP client, I have checked the option "use default gateway on remote network" in TCP/IP properties, because the client should NOT access the Internet directly. I am able to establish the PPTP connection and access computers behind the 871, but it is not possible to browse Internet.
I have configured the router like this :
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip address 192.168.2.1 255.255.255.0
peer default ip address pool Pool-For-Vpn-Client
ppp authentication chap ms-chap
ip local pool Pool-For-Vpn-Client 192.168.2.10 192.168.2.20
ip nat inside source list 100 interface FastEthernet4 overload
access-list 100 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
The target is to tunnel all the traffic as if the PPTP client is in the LAN behind the 871. Unfortunately, the only solution is to do the split tunneling by allowing the PPTP client to uncheck the "use default gateway on remote network" option, which is not what I want :-)
Any ideas? I saw a lot of things of some newsgroups but they all want the opposite (VPN access, and internet access but not through the VPN tunnel).
Re: PPTP client not able to browse internet without split tunnel
Ok, I found the solution myself :
Because the client is connected to Virtual-Template1, I also have to add "ip nat inside" to Virtual-Template1, and "access-list 100 permit ip 192.168.2.0 0.0.0.255 any" to enable the NAT translation for packets comings from the VPN clients :-)
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :