
Cisco router as PPTP Client, unable to browse internet

ikorzha
Level 1

Hi to all, I have the following issue:

I have a Cisco 1921 that I am planning to use as a PPTP client to connect to a PPTP server that has internet connectivity.

I get the PPTP tunnel established, but clients on the local segment of the PPTP client Cisco router, 192.168.15.0/24, are unable to reach the internet.

My current config is below.

Any suggestions on how to fix this simple problem would be greatly appreciated.

 

 

------------------ show version ------------------

Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.5(3)M6a, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2017 by Cisco Systems, Inc.
Compiled Mon 25-Sep-17 06:12 by prod_rel_team

ROM: System Bootstrap, Version 15.0(1r)M16, RELEASE SOFTWARE (fc1)

papan uptime is 9 minutes
System returned to ROM by power-on
System image file is "flash:c1900-universalk9-mz.SPA.155-3.M6a.bin"
Last reload type: Normal Reload
Last reload reason: power-on

 

Building configuration...

Current configuration : 2708 bytes
!
! Last configuration change at 01:48:04 UTC Sat Dec 2 2017
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service internal
!
hostname papan
!
boot-start-marker
boot system flash:c1900-universalk9-mz.SPA.155-3.M6a.bin
boot system usbflash0:c1900-universalk9-mz.SPA.155-3.M6a.bin
boot-end-marker
!
!
!
no aaa new-model
ethernet lmi ce
!
!
!
!
!
!
!
!
!
!
!
ip dhcp excluded-address 192.168.15.1
!
ip dhcp pool 1
 network 192.168.15.0 255.255.255.0
 dns-server 8.8.8.8
 default-router 192.168.15.1
 lease 1 6
!
!
!
ip domain name home
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip name-server 4.2.2.2
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
vpdn enable
!
vpdn-group pptp
 request-dialin
  protocol pptp
  pool-member 1
 initiate-to ip 100.100.100.50
!
cts logging verbose
!
!
license accept end user agreement
!
!
username network privilege 15 secret 5 <removed>
!
redundancy
 notification-timer 120000
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 description INTERNET
 ip address dhcp
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 description INSIDE NETWORK
 ip address 192.168.15.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface Dialer0
 ip address negotiated
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 dialer pool 1
 dialer remote-name pptp-Igor
 dialer idle-timeout 0
 dialer string 1234
 dialer persistent
 dialer vpdn
 dialer-group 1
 ppp pfc local request
 ppp pfc remote apply
 ppp authentication ms-chap ms-chap-v2 optional
 ppp chap hostname administrator
 ppp chap password 0 <removed>
 no cdp enable
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source route-map DIALER0_PRIMARY interface Dialer0 overload
ip nat inside source route-map ISP_SECONDARY interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 100.100.100.50 255.255.255.255 GigabitEthernet0/0 dhcp
ip ssh version 2
!
dialer-list 1 protocol ip permit
!
route-map DIALER0_PRIMARY permit 10
 match ip address 100
 match interface Dialer0
!
route-map ISP_SECONDARY permit 10
 match ip address 100
 match interface GigabitEthernet0/0
!
!
access-list 100 permit ip 192.168.15.0 0.0.0.255 any
!
control-plane
!
!
 vstack
!
line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 login
 transport input ssh
!
scheduler allocate 20000 1000
!
end

3 Replies

Hello,

 

at first glance, it looks like your static routing is reversed. I have made some changes (in bold), see if that makes a difference:

 

Current configuration : 2708 bytes
!
! Last configuration change at 01:48:04 UTC Sat Dec 2 2017
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
service internal
!
hostname papan
!
boot-start-marker
boot system flash:c1900-universalk9-mz.SPA.155-3.M6a.bin
boot system usbflash0:c1900-universalk9-mz.SPA.155-3.M6a.bin
boot-end-marker
!
no aaa new-model
ethernet lmi ce
!
ip dhcp excluded-address 192.168.15.1
!
ip dhcp pool 1
network 192.168.15.0 255.255.255.0
dns-server 8.8.8.8
default-router 192.168.15.1
lease 1 6
!
ip domain name home
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip name-server 4.2.2.2
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
vpdn enable
!
vpdn-group pptp
request-dialin
protocol pptp
rotary-group 1
initiate-to ip 100.100.100.50
!
cts logging verbose
!
license accept end user agreement
!
username network privilege 15 secret 5 <removed>
!
redundancy
notification-timer 120000
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description INTERNET
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
description INSIDE NETWORK
ip address 192.168.15.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Dialer1
ip address negotiated
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer-group 1
dialer remote-name pptp-Igor
dialer idle-timeout 0
dialer string 1234
dialer persistent
dialer vpdn
dialer-group 1
ppp pfc local request
ppp pfc remote apply
ppp authentication ms-chap ms-chap-v2 optional
ppp chap hostname administrator
ppp chap password 0 <removed>
no cdp enable
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!

ip classless

!
ip nat inside source route-map DIALER1_PRIMARY interface Dialer1 overload
ip nat inside source route-map ISP_SECONDARY interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 dhcp
ip route 100.100.100.50 255.255.255.255 Dialer1
ip ssh version 2
!
dialer-list 1 protocol ip permit
!
route-map DIALER1_PRIMARY permit 10
match ip address 100
match interface Dialer1
!
route-map ISP_SECONDARY permit 10
match ip address 100
match interface GigabitEthernet0/0
!
access-list 100 permit ip 192.168.15.0 0.0.0.255 any
!
control-plane
!
!
vstack
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login
transport input ssh
!
scheduler allocate 20000 1000
!

 

Thank you for your response. I tested the proposed solution; unfortunately, something is missing in it.

Since the PPTP tunnel doesn't come up currently, the "Virtual-Access" interface doesn't come up, due to rotary-group 1.

When I remove rotary-group 1, the tunnel comes up and local users can browse the internet, but NOT through the Dialer1 interface.

 

 

Looking for further suggestions from you, thank you in advance :)

 

 

papan#sh int dialer 1
Dialer1 is up, line protocol is up (spoofing)
  Hardware is Unknown
  Internet address will be negotiated using IPCP
  MTU 1500 bytes, BW 56 Kbit/sec, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation PPP, LCP Closed, loopback not set
  Keepalive set (10 sec)
  DTR is pulsed for 1 seconds on reset
  Last input never, output never, output hang never
  Last clearing of "show interface" counters 00:14:34
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes
     0 packets output, 0 bytes

 

NVI0 is up, line protocol is up
  Hardware is NVI
  MTU 1514 bytes, BW 56 Kbit/sec, DLY 5000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation UNKNOWN, loopback not set
  Keepalive set (10 sec)
  Last input never, output never, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes, 0 no buffer
     Received 0 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     0 packets output, 0 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 unknown protocol drops
     0 output buffer failures, 0 output buffers swapped out

 

 

Posting current config for reference

 

 

 

! Last configuration change at 13:46:11 UTC Sat Dec 2 2017
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service internal
!
hostname papan
!
boot-start-marker
boot system flash:c1900-universalk9-mz.SPA.155-3.M6a.bin
boot system usbflash0:c1900-universalk9-mz.SPA.155-3.M6a.bin
boot-end-marker
!
!
!
no aaa new-model
ethernet lmi ce
!
!
!
!
!
!
!
!
!
!
!
ip dhcp excluded-address 192.168.15.1
!
ip dhcp pool 1
 network 192.168.15.0 255.255.255.0
 dns-server 8.8.8.8
 default-router 192.168.15.1
 lease 1 6
!
!
!
ip domain name home
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip name-server 4.2.2.2
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
vpdn enable
!
vpdn-group pptp
 request-dialin
  protocol pptp
  rotary-group 1
 initiate-to ip 100.100.100.50
!
cts logging verbose
!
!
license udi pid CISCO1921/K9 sn FJC2011L0EA
license accept end user agreement
!
!
!
redundancy
 notification-timer 120000
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 description INTERNET
 ip address dhcp
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 description INSIDE NETWORK
 ip address 192.168.15.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface Dialer1
 ip address negotiated
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 dialer remote-name pptp-Igor
 dialer idle-timeout 0
 dialer string 1234
 dialer persistent
 dialer vpdn
 dialer-group 1
 ppp pfc local request
 ppp pfc remote apply
 ppp authentication ms-chap ms-chap-v2 optional
 ppp chap hostname administrator
 ppp chap password 7 xxxxxxxxxxxxxxxxxxx
 no cdp enable
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source route-map DIALER1_PRIMARY interface Dialer1 overload
ip nat inside source route-map ISP_SECONDARY interface GigabitEthernet0/0 overload
ip route 100.100.100.50 255.255.255.255 Dialer1
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 dhcp
ip ssh version 2
!
dialer-list 1 protocol ip permit
!
route-map DIALER1_PRIMARY permit 10
 match ip address 100
 match interface Dialer1
!
route-map ISP_SECONDARY permit 10
 match ip address 100
 match interface GigabitEthernet0/0
!
!
access-list 100 permit ip 192.168.15.0 0.0.0.255 any
!
control-plane
!
!
 vstack
!
line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 login
 transport input ssh
!
scheduler allocate 20000 1000
ntp server pool.ntp.org
!
end

papan#

Hello,

 

try your original routing again:

 

ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 100.100.100.50 255.255.255.255 GigabitEthernet0/0 dhcp
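
An added example, not part of any post in this thread: a small Python check for the two static routes the replies go back and forth on. It reads the `initiate-to ip` address from the vpdn-group and reports when the PPTP server is routed into the dialer or when the default route does not point at the dialer. The function name and the two trimmed config excerpts are constructed for illustration.

```python
import re

# Constructed excerpts: the routing-relevant lines from the first post
# (ORIGINAL) and from the configuration posted after the first reply (REVISED).
ORIGINAL = """\
vpdn-group pptp
 initiate-to ip 100.100.100.50
interface Dialer0
 dialer vpdn
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 100.100.100.50 255.255.255.255 GigabitEthernet0/0 dhcp
"""
REVISED = """\
vpdn-group pptp
 initiate-to ip 100.100.100.50
interface Dialer1
 dialer vpdn
ip route 100.100.100.50 255.255.255.255 Dialer1
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 dhcp
"""

def audit_pptp_routes(config):
    """Return findings about where tunnel packets and LAN traffic are routed."""
    findings = []
    m = re.search(r"^\s*initiate-to ip (\S+)", config, re.M)
    if not m:
        return ["no 'initiate-to ip' found in a vpdn-group"]
    server = m.group(1)
    # Map (prefix, mask) -> egress interface for every static route.
    routes = {(r.group(1), r.group(2)): r.group(3)
              for r in re.finditer(r"^ip route (\S+) (\S+) (\S+)", config, re.M)}
    host = routes.get((server, "255.255.255.255"))
    default = routes.get(("0.0.0.0", "0.0.0.0"))
    if host is None:
        findings.append(f"no host route for PPTP server {server}")
    elif host.startswith("Dialer"):
        findings.append(f"PPTP server {server} is routed into {host}, the tunnel itself")
    if default is None:
        findings.append("no default route")
    elif not default.startswith("Dialer"):
        findings.append(f"default route exits {default}, so LAN traffic bypasses the tunnel")
    return findings

if __name__ == "__main__":
    for name, cfg in (("original", ORIGINAL), ("revised", REVISED)):
        print(name, audit_pptp_routes(cfg) or "routing matches the final reply")
```

The second finding on the revised excerpt corresponds to the symptom reported in the thread: the tunnel comes up but browsing does not go through Dialer1.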
