Can't access internet locally.

Michael Durham · ‎07-17-2013

My configuration is my office system with a tunnel to a 1841 router at home. The tunnel works great and I can access the network at the offcie and when using RDP to take over my office PC I can surf the Interent. But I cannot access the Internet from my home PC at all. The tunnel is set up on the routers, no vpn software on the pc.

I cannot bring the tunnel down to be able to surf locally, I need to do both at the same time. Sould I use an ACL? What would it look like?

Attached is both the office and home router config files. The home pc is on the 1192.168.254.0/30 network and the office network is 192.168.10.0/24.

thomas.g.fan · ‎07-17-2013

Hi Michael,

Checked your configuration and I believe there is a (ADSL?) modem/router between your home router and Internet and the reason why you can't browse Internet from home is because your modem/router doesn't have the route to 192.168.254.0/24. So you can try either

1. add route in your modem/router

2. add a NAT in your home router

Option 2 should still works even there isn't a modem/router. For option 2, you COULD TRY this configuration:

no ip access-list extended NAT_ACL

ip access-list extended NAT_ACL

deny ip any 192.168.0.0 0.0.255.255

deny ip host 172.30.1.2 any

deny ip any host 172.30.1.1

permit ip any any

interface FastEthernet0/1.254

ip nat inside

interface FastEthernet0/0

ip nat outside

To rollback above changes if things go wrong, run below:

interface FastEthernet0/1.254

no ip nat inside

interface FastEthernet0/0

no ip nat outside

no ip access-list extended NAT_ACL

ip access-list extended NAT_ACL

permit ip any any

deny ip host 172.30.1.1 any

BTW, it would be safer to remove crypto isakmp key information and some portion of your devices' public IP address before you upload your configuration.