
Remote Client Access to Router

rmeans
Level 3

I have an 837 (12.4) connected to a DSL provider. The assigned IP address is dynamic. I can access the router and the network behind the 837 with the VPN client. While connected with the VPN, I cannot view public hosts (browse the web). From what I can tell, my issue has to do with NAT. My assigned VPN address does not get overloaded with the inside addresses. Any suggestions on how to gain internet access while connected with the VPN client? I am not interested in split tunneling.

gwrtr#show running-config
version 12.4
hostname gwrtr
!
boot-start-marker
boot-end-marker
!
logging buffered 12000 debugging
enable secret 5 xxxxxx
!
aaa new-model
!
!
aaa authentication login clientauth local
aaa authorization network groupauthorization local
!
aaa session-id common
clock timezone CST -6
clock summer-time CDT recurring
no ip source-route
no ip dhcp use vrf connected
ip dhcp excluded-address 172.31.255.250 172.31.255.254
!
ip dhcp pool primaryippool
 network 172.31.255.240 255.255.255.240
 default-router 172.31.255.254
 dns-server x.x.x.201 x.x.x.201 x.x.x.1
!
!
ip cef
ip domain name xxxxxx.com
ip name-server x.x.x.201
ip name-server x.x.x.201
!
username xxxxxx password 0 xxxxx
!
!
!
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group xxxxxx
 key xxxxxx
 dns x.x.x.201 x.x.x.201
 pool remoteippool
crypto isakmp profile VPNclient
 description VPN Client Profile
 match identity group xxxxxx
 client authentication list clientauth
 isakmp authorization list groupauthorization
 client configuration address respond
!
!
crypto ipsec transform-set sha3des esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 10
 set transform-set sha3des
 set isakmp-profile VPNclient
!
!
crypto map VPN 10 ipsec-isakmp dynamic dynmap
!
!
!
interface Ethernet0
 ip address 172.31.255.254 255.255.255.240
 ip access-group eth0in in
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
 no ip mroute-cache
 hold-queue 100 out
!
interface ATM0
 mtu 1300
 no ip address
 no ip mroute-cache
 atm vc-per-vp 64
 no atm ilmi-keepalive
 dsl operating-mode auto
 hold-queue 224 in
 pvc 0/35
  pppoe-client dial-pool-number 1
 !
!
interface Dialer1
 ip address negotiated
 ip access-group 111 in
 no ip proxy-arp
 ip mtu 1492
 ip nat outside
 ip inspect fwinout out
 ip virtual-reassembly
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer remote-name redback
 dialer-group 1
 ppp authentication pap chap callin
 ppp chap hostname xxxxxx
 ppp chap password 0 xxxxxx
 ppp pap sent-username xxxxxx password 0 xxxxx
 ppp ipcp dns request
 ppp ipcp wins request
 crypto map VPN
!
ip local pool remoteippool 172.31.255.236 172.31.255.239
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
no ip http secure-server
!
ip nat inside source route-map publicpat interface Dialer1 overload
!
!
ip access-list extended eth0in
 permit ip 172.31.255.240 0.0.0.15 any
 permit ip 172.31.255.232 0.0.0.7 any
 permit ip host 0.0.0.0 host 255.255.255.255
 deny ip any any log
access-list 102 deny ip 172.31.255.240 0.0.0.15 172.31.255.236 0.0.0.3
access-list 102 deny ip 172.31.255.232 0.0.0.7 172.31.255.240 0.0.0.15
access-list 102 deny ip 172.31.255.236 0.0.0.3 172.31.255.240 0.0.0.15
access-list 102 permit ip 172.31.255.240 0.0.0.15 any
access-list 102 permit ip 172.31.255.236 0.0.0.3 any
access-list 102 permit ip 172.31.255.232 0.0.0.7 any
access-list 111 permit udp any any eq non500-isakmp
access-list 111 permit udp any any eq isakmp
access-list 111 permit esp any any
access-list 111 permit udp any any eq ntp
access-list 111 deny ip any any
access-list 122 deny tcp any any eq telnet
access-list 122 permit ip any any
access-list 172 permit ip 172.31.255.236 0.0.0.3 any
dialer-list 1 protocol ip permit
no cdp run
route-map publicpat permit 10
 match ip address 102
!
end

Thanks
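
An added example, not part of the original post: a small first-match evaluator for access-list 102 (the ACL that route-map publicpat matches), useful for checking which entry a given flow hits. It assumes standard IOS ACL semantics (top-down first match, wildcard masks, implicit deny at the end); 198.51.100.10 is a constructed stand-in for a public host.

```python
import ipaddress

# access-list 102 as posted above (the ACL matched by route-map publicpat).
ACL_102 = """\
deny ip 172.31.255.240 0.0.0.15 172.31.255.236 0.0.0.3
deny ip 172.31.255.232 0.0.0.7 172.31.255.240 0.0.0.15
deny ip 172.31.255.236 0.0.0.3 172.31.255.240 0.0.0.15
permit ip 172.31.255.240 0.0.0.15 any
permit ip 172.31.255.236 0.0.0.3 any
permit ip 172.31.255.232 0.0.0.7 any
"""

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def take_spec(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD' and return (base, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return to_int(tokens.pop(0)), 0
    return to_int(first), to_int(tokens.pop(0))

def parse_acl(text):
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        tokens = line.split()
        action = tokens.pop(0)
        tokens.pop(0)  # protocol; every entry in this ACL is 'ip'
        entries.append((action, take_spec(tokens), take_spec(tokens)))
    return entries

def matches(addr, spec):
    base, wildcard = spec
    # Wildcard bits set to 1 are "don't care"; all other bits must be equal.
    return ((to_int(addr) ^ base) & ~wildcard & 0xFFFFFFFF) == 0

def first_match(entries, src, dst):
    """Return (entry number, action); (0, 'deny') is the implicit deny."""
    for number, (action, src_spec, dst_spec) in enumerate(entries, 1):
        if matches(src, src_spec) and matches(dst, dst_spec):
            return number, action
    return 0, "deny"

if __name__ == "__main__":
    # 198.51.100.10 is a constructed stand-in for a public host.
    for src in ("172.31.255.241", "172.31.255.237"):  # LAN host, VPN pool address
        print(src, first_match(parse_acl(ACL_102), src, "198.51.100.10"))
```

With the ACL as posted, a pool address such as 172.31.255.237 going to a public host falls through the three deny entries and hits the fifth entry, a permit. Pool-to-LAN traffic is caught by the second entry, whose source range 172.31.255.232 0.0.0.7 already covers the pool, so the third entry is never reached.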
