cannot browse internet and have network access by vpn

aconticisco
Level 2

Hello,

Please see my config, as I just set up a 1721 router to have internet PPPoE access through dialer 1. It is connecting fine and getting a WAN IP, and I can ping by hostname even from LAN machines to the internet; however, browsing works only for Google searches and none of the links work.

Also, when connecting through VPN from a PC to the 1721 VPN-enabled router, the PC connects using the Cisco client but I cannot ping either the router or the LAN PC.

Your help is greatly appreciated...

dslrouter#show run
Building configuration...

Current configuration : 2715 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname dslrouter
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$.IXf$fxnP7T0nXOxXydiTOTLX30
!
aaa new-model
!
!
aaa authentication login AAA-VPN local
aaa authorization network AAA-VPN local
!
aaa session-id common
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
no ip dhcp conflict logging
ip dhcp excluded-address 192.168.1.254
!
ip dhcp pool dhcpgroup1
   network 192.168.1.0 255.255.255.0
   domain-name home.local
   dns-server 194.158.37.196
   default-router 192.168.1.1
!
!
ip name-server 194.158.37.196
vpdn enable
!
!
!
!
!
username admin privilege 15 password 7 04570A0216285E4B0D
username and password 7 151E0A081D2325362D37
!
!
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
!
crypto isakmp client configuration group vpnall
key xxxxx
dns 192.168.1.1
pool VPNALLPOOL
!
!
crypto ipsec transform-set 3des-sha esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 10
set transform-set 3des-sha
!
!
crypto map vpn client authentication list AAA-VPN
crypto map vpn isakmp authorization list AAA-VPN
crypto map vpn client configuration address respond
crypto map vpn 10 ipsec-isakmp dynamic dynmap
!
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
bundle-enable
dsl operating-mode auto
hold-queue 224 in
!
interface ATM0.1 point-to-point
pvc 8/35
  pppoe-client dial-pool-number 1
!
!
interface BRI0
no ip address
shutdown
!
interface FastEthernet0
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
speed auto
!
interface Dialer1
description ***Outside***
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
ppp authentication pap callin
ppp pap sent-username xxxxxx password 7 101C584D5743405A54
crypto map vpn
!
ip local pool VPNALLPOOL 192.168.1.180 192.168.1.190
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip http server
no ip http secure-server
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source route-map RM-POLICY-NAT interface Dialer1 overload
!
ip access-list extended ACL-POLICY-NAT
permit ip any any
ip access-list extended acl_firewall
permit esp any any
permit udp any any eq non500-isakmp
permit udp any any eq isakmp
!
access-list 1 permit 192.168.1.0 0.0.0.255
route-map RM-POLICY-NAT permit 10
match ip address ACL-POLICY-NAT
!
!
control-plane
!
!
line con 0
password 7 000812021D5205140A25
line aux 0
line vty 0 4
password 7 011F07004202081D2448
!
end

3 Replies

manish arora
Level 6

Problem 1 > Cannot access internet other than Google:

1> Try reducing the MTU on the dialer interface:

interface Dialer1
 no ip mtu 1492
 ip mtu 1450

Problem 2 > VPN can connect but no ping etc.:

2>

remove = ip nat inside source list 1 interface Dialer1 overload

add =

ip access-list extended ACL-POLICY-NAT
 deny ip 192.168.1.0 0.0.0.255 192.168.1.176 0.0.0.15
 permit ip any any

crypto dynamic-map dynmap 10
 set transform-set 3des-sha
 reverse-route

Manish
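
Added example, not part of any post in this thread: a small Python model of the NAT change suggested in the reply above, checking whether traffic from a LAN host to the VPN pool addresses (192.168.1.180 to 192.168.1.190) would still be translated on Dialer1. The LAN host 192.168.1.10 is a constructed address, and the rule that a packet is NATed when any NAT statement's ACL permits it is a simplification assumed for the check.

```python
import ipaddress

ANY = (0, 0xFFFFFFFF)  # base 0 with an all-ones wildcard matches every address

def ip(s):
    return int(ipaddress.IPv4Address(s))

def parse_ace(line):
    """Parse 'permit|deny [ip] SRC [DST]'; SRC/DST are 'any' or 'base wildcard'."""
    action, *tok = line.split()
    if tok and tok[0] == "ip":
        tok = tok[1:]
    specs = []
    while tok:
        if tok[0] == "any":
            specs.append(ANY)
            tok = tok[1:]
        else:
            specs.append((ip(tok[0]), ip(tok[1])))
            tok = tok[2:]
    if len(specs) == 1:       # standard ACL entry: source only
        specs.append(ANY)
    return action, specs[0], specs[1]

def hit(addr, spec):
    base, wild = spec
    return ((addr ^ base) & ~wild & 0xFFFFFFFF) == 0

def acl_permits(acl, src, dst):
    """First matching entry decides; no match is the implicit deny."""
    for action, s, d in map(parse_ace, acl):
        if hit(src, s) and hit(dst, d):
            return action == "permit"
    return False

def translated(nat_rules, src, dst):
    """Simplified model: a packet is NATed if any NAT statement's ACL permits it."""
    return any(acl_permits(acl, ip(src), ip(dst)) for acl in nat_rules)

LIST_1 = ["permit 192.168.1.0 0.0.0.255"]                # access-list 1
POLICY_ORIG = ["permit ip any any"]                      # ACL-POLICY-NAT as posted
POLICY_FIXED = ["deny ip 192.168.1.0 0.0.0.255 192.168.1.176 0.0.0.15",
                "permit ip any any"]                     # ACL-POLICY-NAT from the reply
POOL = [f"192.168.1.{n}" for n in range(180, 191)]       # VPNALLPOOL
LAN_HOST = "192.168.1.10"                                # constructed LAN address

def pool_translated(nat_rules):
    """VPN pool addresses whose traffic from LAN_HOST would still be NATed."""
    return [a for a in POOL if translated(nat_rules, LAN_HOST, a)]
```

With both NAT statements present, pool_translated([LIST_1, POLICY_FIXED]) still returns the whole pool, because access-list 1 matches on source only; with the list 1 statement removed, pool_translated([POLICY_FIXED]) is empty while ordinary internet destinations are still translated.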

Reza Sharifi
Hall of Fame

Hi

try adding this command and test again

int dialer1

ip tcp adjust-mss 1452

HTH

Reza

Hello All,

the internet issue seems to be working fine now thanks to this setting:

int dialer1

ip tcp adjust-mss 1452

many thanks Reza Sharifi

However, the other issue still persists, although now when I ping the router IP 192.168.1.1 while connected to the VPN I get a reply back from its WAN IP. I tried to ping another PC with file sharing on; however, I got no reply. My goal is to be able to access the remote network while connected to the VPN and also be able to telnet to the 1721 router while connected to the VPN.

I always tried to ping by ip and these are the ip settings obtained when connected to the vpn.

ip address    192.168.1.180

subnet          255.255.255.0

gateway       192.168.1.1

dns               192.168.1.1

All of a sudden on the router I am flooded with these messages:

*Mar  1 03:40:50.819: %SYS-2-BADSHARE: Bad refcount in datagram_done, ptr=827CF144, count=0
-Traceback= 0x80695558 0x8014CEC8 0x80152008 0x8015A104 0x80092040 0x80E920A0 0x8015A230 0x80A6C0D0 0x80A6C350 0x8139B490 0x8139BA98 0x8139BB88 0x80385558 0x80388B10

If it is a separate issue, please tell me so that I can open a new discussion for it.