Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
436
Views
0
Helpful
3
Replies

Internet Access through VPN 3005

sanjay.sangwan
Level 1
Level 1

‎06-22-2003 12:55 AM - edited ‎02-21-2020 12:37 PM

Hi

we have recently deployed one VPN 3005 Concentrator at the central site and the dialup remote users are able to establish the IPSEC tunnel to the central site.But after putting the concentrator in after my router my internal users are not able to access the internet.This is directly connected to the router with a cross cable.I also tried to enable NAT on private and public interfaces on the 3005 and I am able to ping any public IP from my internal network but can access any HTTP or web server.

My remote dialup users are also not able to access the internet while talking to the VPN concentrator.Pls help

sanjay sangwan

Labels:
0 Helpful
3 Replies 3

mostiguy
Level 6
Level 6

‎06-22-2003 07:25 AM

Are you assigning them a dns server when you allocate them an ip? from a command prompt, when you ping www.cnn.com, do you get an unknown host message, or ping failures (cnn.com blocks ping, but you should be able to resolve its hostname to an ip address).

Is your topology a multiple interfaced router, with one int. being outside, one inside, and one connected to the vpn3005? Are you doing nat on the router? Any ACLS on the router?

0 Helpful

sanjay.sangwan
Level 1
Level 1
In response to mostiguy

‎06-22-2003 08:33 PM

NO I am not using any nat on router .The serial and E0 interfaces are configured on ISP public IP addresses. E0 of router is directly connected with a cross cable to the VPN 3005 which in turn connected to the LAN Switch.

Router has only one ethernet interface.

I am not using any acl at the router.

My internal users should access the internet through the VPN 3005.Can it be possible.

sanjay

0 Helpful

gfullage
Cisco Employee
Cisco Employee
In response to sanjay.sangwan

‎06-22-2003 09:27 PM

You need ot make sure you remove the Public filter off the Public interface. By default only encrypted-type traffic and ICMP is allowed in on this interface, if you have standard traffic going out and then coming back in, you need to put the Private filter on or put no filter on it at all.

Keep in mind that taking this filter off will mean that outside users can HTTP to your 3005, so make sure you have a good password or better yet, set up the Access Control under Administration so that only your inside users can browse to it.

0 Helpful
Customers Also Viewed These Support Documents