01-23-2012 06:40 AM - edited 03-04-2019 02:59 PM
Hi,
I have a Cisco router with 2 FastEthernet interfaces:
- on 0/0 is my LAN with address 192.168.0.1 (it is the gateway for the LAN with 192.168.0.X)
- on 0/1 is my ADSL modem with IP 192.168.1.240 (this modem is connected to any PC on subnet 192.168.1.X)
Now I have a simple PPTP VPN with IP 172.16.0.0, but I can't ping the subnet with 192.168.1.X; also, on the VPN I don't have a gateway (192.168.0.1 or 192.168.1.1).
Thank you
Mark
Current configuration : 4327 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot system slot0:c3725-adventerprisek9-mz.124-15.T14.bin
boot-end-marker
!
enable secret 5 $1$OR3K$bCknqjvtrHv.gdXKgP0AQ.
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication ppp default local
aaa authorization exec default local
!
aaa session-id common
no ip cef
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.0 192.168.0.200
!
ip dhcp pool mypool
network 192.168.0.0 255.255.255.0
dns-server 8.8.8.8 8.8.4.4
default-router 192.168.0.1
lease 7
!
!
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip ddns update method dyndns
HTTP
add http://xxxxx:xxxx@members.dyndns.org/ni ... &hostname=<h>&myip=<a>
interval maximum 0 2 0 0
interval minimum 0 2 0 0
!
vpdn enable
!
vpdn-group PPTP
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 2
!
!
!
!
!
username xxxx password 0 xxxxxxx
archive
log config
hidekeys
!
!
ip ssh version 1
!
!
!
bba-group pppoe global
!
!
interface FastEthernet0/0
ip address 192.168.0.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1492
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
no ip mroute-cache
speed 100
full-duplex
no cdp enable
!
interface Serial0/0
no ip address
shutdown
clock rate 2000000
no cdp enable
!
interface FastEthernet0/1
description ADSL WAN Interface
ip address 192.168.1.240 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1492
ip tcp adjust-mss 1452
no ip mroute-cache
speed 100
full-duplex
pppoe enable group global
pppoe-client dial-pool-number 1
no cdp enable
!
interface Serial0/1
no ip address
shutdown
clock rate 2000000
no cdp enable
!
interface Virtual-Template2
ip unnumbered FastEthernet0/0
peer default ip address pool poolipnetconfig
ppp encrypt mppe auto required
ppp authentication ms-chap ms-chap-v2
!
interface Dialer1
description ADSL WAN Dialer
bandwidth 100000
ip ddns update hostname xxxxxxxxxx
ip ddns update dyndns
ip address negotiated
ip access-group 101 in
no ip unreachables
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip tcp header-compression
ip tcp adjust-mss 1452
no ip mroute-cache
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname aliceadsl@aliceadsl
ppp chap password 0 aliceadsl
ppp pap sent-username aliceadsl@aliceadsl password 0 aliceadsl
ppp ipcp dns request accept
ppp ipcp route default
ppp ipcp address accept
!
ip local pool poolipnetconfig 172.16.0.0 172.16.0.10
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 172.16.0.0 255.255.255.248 Dialer1
!
no ip http server
no ip http secure-server
ip nat inside source list 10 interface Dialer1 overload
ip nat inside source static udp 192.168.0.100 40028 interface Dialer1 40028
ip nat inside source static tcp 192.168.0.100 40028 interface Dialer1 40028
ip nat inside source static tcp 192.168.0.1 23 interface Dialer1 23
ip nat inside source static tcp 192.168.0.100 9091 interface Dialer1 9091
ip nat inside source static tcp 192.168.0.100 445 interface Dialer1 445
ip nat inside source static tcp 192.168.0.100 139 interface Dialer1 139
ip nat inside source static tcp 192.168.0.100 22 interface Dialer1 22
ip nat inside source static tcp 192.168.0.100 3306 interface Dialer1 3306
ip nat inside source static tcp 192.168.0.100 21 interface Dialer1 21
ip nat inside source static tcp 192.168.0.100 80 interface Dialer1 80
ip nat inside source static udp 192.168.0.100 1194 interface Dialer1 1194
ip nat inside source static tcp 192.168.0.100 3333 interface Dialer1 3333
!
access-list 10 permit 192.168.0.0 0.0.0.255
access-list 100 permit tcp any any eq 1723
access-list 100 permit udp any eq isakmp any eq isakmp
access-list 100 permit gre any any
access-list 101 deny icmp any any echo
access-list 101 permit ip any any
access-list 101 permit tcp host 204.13.248.112 eq www any log
dialer-list 1 protocol ip permit
no cdp run
!
!
control-plane
!
!
!
01-25-2012 05:44 AM
Hi Marco,
I am not a VPN expert, so I cannot say whether the PPTP VPN config is set correctly or not, but I do know that traffic going across the VPN should not be NATed, which, as per the config, is happening at your end.
I would suggest the following change in NAT:
no ip nat inside source list 10 interface Dialer1 overload
no access-list 10 permit 192.168.0.0 0.0.0.255
access-list 110 deny ip 192.168.0.0 0.0.0.255 172.16.0.0 0.0.0.7
access-list 110 permit ip 192.168.0.0 0.0.0.255 any
ip nat inside source list 110 interface Dialer1 overload
If this does not fix the connectivity issue, I guess the VPN experts out there will have to jump in.
Hope it helps.
Neeraj
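An added example, not part of either post: a small model of IOS first-match ACL evaluation that compares the original NAT source list (ACL 10) with the suggested ACL 110 against the VPN pool from the posted config (`ip local pool poolipnetconfig 172.16.0.0 172.16.0.10`). The function names are hypothetical, and only the entry shapes used on this page are parsed.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")

def wildcard_match(addr, base, wildcard):
    """IOS wildcard match: bits set in the wildcard are 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def parse_ace(line):
    """Parse 'access-list N permit|deny [ip] SRC WILD [DST WILD | any]'."""
    tok = line.split()[2:]              # drop 'access-list N'
    action = tok.pop(0)
    if tok[0] == "ip":                  # extended entry
        tok.pop(0)
    def take():
        if tok[0] == "any":
            tok.pop(0)
            return ANY
        return (tok.pop(0), tok.pop(0))
    src = take()
    dst = take() if tok else ANY        # standard ACL: destination not checked
    return action, src, dst

def nat_eligible(acl_lines, src, dst):
    """True if the packet hits a permit; first match wins, no match = deny."""
    for line in acl_lines:
        action, s, d = parse_ace(line)
        if wildcard_match(src, *s) and wildcard_match(dst, *d):
            return action == "permit"
    return False

def pool_hosts(first, last):
    lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
    return [str(ipaddress.IPv4Address(i)) for i in range(lo, hi + 1)]

# ACL lines copied from the thread.
ACL_10 = ["access-list 10 permit 192.168.0.0 0.0.0.255"]
ACL_110 = ["access-list 110 deny ip 192.168.0.0 0.0.0.255 172.16.0.0 0.0.0.7",
           "access-list 110 permit ip 192.168.0.0 0.0.0.255 any"]

def still_translated(acl, lan_host="192.168.0.100"):
    """VPN pool addresses toward which LAN traffic still matches the NAT list."""
    return [h for h in pool_hosts("172.16.0.0", "172.16.0.10")
            if nat_eligible(acl, lan_host, h)]

if __name__ == "__main__":
    print("ACL 10 :", still_translated(ACL_10))
    print("ACL 110:", still_translated(ACL_110))
```

The wildcard `0.0.0.7` covers 172.16.0.0 through 172.16.0.7, while the pool runs to 172.16.0.10, so traffic toward the last three pool addresses still matches the permit line of ACL 110.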