HI Marcin

I added the IP nat for outside and inside, but stil i am not able to browse from the System.

Javhar

find  the config ..

aaa new-model
aaa authentication ppp default local
!
aaa session-id common
!
resource policy
!
ip subnet-zero
!
!
no ip cef
no ip dhcp use vrf connected
!
!
ip flow-cache timeout active 1
no ip domain lookup
ip domain name cisco.com
ip name-server 1x1.2x2.1x0.180
ip name-server 121.2x2.1x0.211
no ip ips deny-action ips-interface
vpdn enable
!
vpdn-group L2TP
! Default L2TP VPDN group
accept-dialin
  protocol l2tp
  virtual-template 1
no l2tp tunnel authentication
!
username ciscoadmin privilege 15 password 0
username test1 password 0
!
!
crypto keyring L2TP
  pre-shared-key address 0.0.0.0 0.0.0.0 key q1w2e3r4t5
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
lifetime 3600
crypto isakmp key cisco hostname w2k01
crypto isakmp keepalive 3600
!
crypto ipsec security-association lifetime seconds 600
!
crypto ipsec transform-set TS1 esp-3des esp-md5-hmac
mode transport
!
crypto dynamic-map DYN_MAP 10
set nat demux
set transform-set TS1
reverse-route
!
crypto map CRYP_MAP 6000 ipsec-isakmp dynamic DYN_MAP
!
interface Loopback0
ip address 10.10.10.1 255.255.0.0
!
interface FastEthernet0/0
description $FW_OUTSIDE$
ip address 15.11.23.94 255.255.255.252
ip nat outside
ip virtual-reassembly
duplex full
speed 100
crypto map CRYP_MAP
!
interface FastEthernet0/1
description $FW_INSIDE$$ES_LAN$
ip address 192.168.6.1 255.255.0.0 secondary
ip address 15.11.23.13 255.255.255.192
ip nat inside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
!
interface Virtual-Template1
ip unnumbered Loopback0
peer default ip address pool vpnPOOL
ppp mtu adaptive
ppp authentication chap ms-chap
!
ip local pool vpnPOOL 192.168.6.150 192.168.6.160
ip classless
ip route 0.0.0.0 0.0.0.0 15.11.23.93
ip route 192.168.0.0 255.255.0.0 Loopback0
!
ip flow-export source FastEthernet0/1
ip flow-export version 5
ip flow-export destination 15.11.23.250 9996
!
ip http server
no ip http secure-server
ip nat inside source list 1 interface FastEthernet0/1 overload
!
access-list 1 permit 192.168.6.0
snmp-server ifindex persist
!
control-plane
end

Javahar,

I don't see "ip nat inside" on virtual-templ interface.

When you connect l2tp client a virtual-access interface is spawned with items you configured on the virtual-template. If no nat is configured there, u-tuned traffic will not be natted and will be sent out in clear with private IP addressing.

Marcin

Hi Marcin

I added IP nat to Interface but .. still i am not able to browse from the laptop

interface Virtual-Template1
ip unnumbered Loopback0
ip nat inside
ip virtual-reassembly
peer default ip address pool vpnPOOL
ppp mtu adaptive
ppp authentication chap ms-chap

the output for the nsloop up and traceroute

PPP adapter hi heloo:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
        Physical Address. . . . . . . . . : 00-53-45-00-00-00
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.6.151
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . : 192.168.6.151
        DNS Servers . . . . . . . . . . . : 121.242.190.180
                                            121.242.190.211

C:\>nslookup yahoo.com
*** Can't find server name for address 172.16.1.1: Non-existent domain
DNS request timed out.
    timeout was 2 seconds.
*** Can't find server name for address 121.242.190.180: Timed out
DNS request timed out.
    timeout was 2 seconds.
*** Can't find server name for address 121.242.190.211: Timed out
*** Default servers are not available
Server:  UnKnown
Address:  172.16.1.1

Non-authoritative answer:
Name:    yahoo.com
Addresses:  67.195.160.76, 69.147.125.65, 72.30.2.43, 98.137.149.56
          209.191.122.70

C:\>tracert yahoo.com

Tracing route to yahoo.com [98.137.149.56]
over a maximum of 30 hops:

  1    59 ms    57 ms    58 ms  10.10.10.1
  2     *        *        *     Request timed out.
  3     *        *     ^C
C:\>

Javahar,

Are you sure your routing table ("route print" on windows) is poiting you to go to internet via l2tp tunnel?

I see your next hop is reported as 10.10.10.1...

Marcin

Marcin

plz find router print output

C:\>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 0e 7b 2d bf 23 ...... Intel(R) PRO/100 VE Network Connection - Pac
ket Scheduler Miniport
0x140004 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0       172.16.1.1      172.16.1.9       21
          0.0.0.0          0.0.0.0    192.168.6.151   192.168.6.151       1
      72.163.5.80  255.255.255.255       172.16.1.1      172.16.1.9       20
    115.111.23.94  255.255.255.255       172.16.1.1      172.16.1.9       20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
       172.16.1.0    255.255.255.0       172.16.1.9      172.16.1.9       20
       172.16.1.9  255.255.255.255        127.0.0.1       127.0.0.1       20
   172.16.255.255  255.255.255.255       172.16.1.9      172.16.1.9       20
     184.51.34.64  255.255.255.255       172.16.1.1      172.16.1.9       20
    192.168.6.151  255.255.255.255        127.0.0.1       127.0.0.1       50
    192.168.6.255  255.255.255.255    192.168.6.151   192.168.6.151       50
  204.160.104.126  255.255.255.255       172.16.1.1      172.16.1.9       20
   205.128.84.126  255.255.255.255       172.16.1.1      172.16.1.9       20
    209.85.153.83  255.255.255.255       172.16.1.1      172.16.1.9       20
        224.0.0.0        240.0.0.0       172.16.1.9      172.16.1.9       20
        224.0.0.0        240.0.0.0    192.168.6.151   192.168.6.151       1
  255.255.255.255  255.255.255.255       172.16.1.9      172.16.1.9       1
  255.255.255.255  255.255.255.255    192.168.6.151   192.168.6.151       1
Default Gateway:     192.168.6.151
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
     121.243.81.0    255.255.255.0     172.17.122.1       1
    203.200.231.0    255.255.255.0     172.17.122.1       1

C:\>tracert yahoo.com

Tracing route to yahoo.com [209.191.122.70]
over a maximum of 30 hops:

  1    61 ms    58 ms    58 ms  10.10.10.1
  2     *        *        *     Request timed out.
  3  ^C
C:\>

Javahar,

Good, now we know that traffic is going over the tunnel! I missed 10.10.10.1 being the loopback address.

Can you please check if we're installing NAT translation when going over the tunnel? "show ip nat trans" output when running a test.

"debug ip nat" will show you some additional outputs

Javahar,

You replied to Martin's message not mine ;-)

So do you see NAT entries for your traffic, making u-turn to the Internet?

Marcin

HI Marcin

as i told you VPN is working fine, but when i connectg the VPN i am not able to access the internet ... I  am able to access the Local lan. but the issue i  want access the internet at the same time.

Javahar