Cisco Support Community
Community Member

VPN - between Win 3.X client, router (IOS 12.2, 1721), intranet


I now have a running version of a VPN between a 1721 router and a Windows Cisco 3.X VPN client in a test environment.

Topology of network is like this:

|Win 3.x VPN Client|----|Simulated www|----|fe0 <router> e1|----|Intranet|

The configuration is really close to this example:

Most things work fine. Authentication and logon work.

The VPN client gets a private IP from the pool. The VPN client can ping hosts located in the intranet.

The problem now is that EVERYBODY can connect to the intranet.

He must only have a valid IP address from the pool. Access lists don't help there.

For example:

Client's IP is

Router's fe0 IP is

Router's e1 IP is

Intranet's Address is

VPN IP Pool is -

Routes are set correctly.

Access lists allow only net to connect to net.

When the client logs on, he gets an IP from the pool (e.g.,

and can connect to a host in the intranet.

At this point everything seems to be fine ...

Now I use a host in the "www" or extranet, and set the IP on this host to one from the pool (e.g., set a gateway route for this net to the router

(route add MASK

and can connect to this network. Without any authentication - nothing ...

OK - on the internet, IP spoofing is not easy - but possible - and using IPs from the private pool doesn't make it really secure ...

Is there a possibility to make authentication also for the intranet - not only for VPN?

Or a possibility to create a tunnel device on the VPN connection - or something like that - that is then allowed to connect to the intranet?

What is the best strategy there?

Thanks for helping a Cisco newbie


Thomas Schmidt

Cisco Employee

Re: VPN - between Win 3.X client, router (IOS 12.2, 1721), intra

Hi Thomas,

You should be able to use AAA to set up authentication for the Intranet clients.

Some of the links that would help:


