PPTP connected in Cisco VPN but internet access not working

fakhrul.ulum
Level 1

What's wrong with my configuration? My device is not connected to the internet. I use Ubuntu LTS 12.04.
Cisco 1841

version 12.4

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Router

!

boot-start-marker

boot system flash c1841-ipbasek9-mz.124-24.T.bin

boot-end-marker

!

logging message-counter syslog

enable secret 5 $1$eb9Q$7kMUF5Am0kVn/QXwssfrD/

!

aaa new-model

!

!

aaa authentication login default local

aaa authentication ppp default local

aaa authorization network default local

!

!

aaa session-id common

dot11 syslog

no ip source-route

!

!

!

!

ip cef

ip name-server 202.134.1.10

ip name-server 202.134.0.155

multilink bundle-name authenticated

!        

vpdn enable

!        

vpdn-group PPTP

! Default PPTP VPDN group

accept-dialin

  protocol pptp

  virtual-template 1

!        

!        

!        

!        

!        

username ala***n password 7 051B131C2A4343

username fa***ul privilege 15 password 7 03520B59565F701C16594B51

archive  

log config

  hidekeys

!        

!        

!        

!        

!        

interface FastEthernet0/0

ip address 222.124.152.181 255.255.255.224

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

no mop enabled

!        

interface FastEthernet0/1

description ====LOCAL=====

ip address 192.168.100.1 255.255.255.0

ip access-group 100 in

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

no mop enabled

!        

interface Virtual-Template1

description ##PPTP TUNNEL##

ip unnumbered FastEthernet0/0

no ip redirects

no ip unreachables

no ip proxy-arp

peer default ip address pool PPTP_POOL

no keepalive

ppp authentication pap chap ms-chap

ppp timeout idle 360

!        

ip local pool PPTP_POOL 192.168.101.110 192.168.101.125

ip default-gateway 222.124.152.161

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 222.124.152.161

!        

no ip http server

no ip http secure-server

!        

ip nat pool fahrul 222.124.152.181 222.124.152.181 prefix-length 29

ip nat inside source list 77 pool fahrul overload

!        

access-list 23 permit 10.10.20.0 0.0.0.255

access-list 77 permit 192.168.2.0 0.0.0.255

access-list 100 remark auto generated by SDM firewall configuration

access-list 100 remark SDM_ACL Category=1

access-list 100 permit ip 192.168.100.0 0.0.0.255 any

access-list 100 deny   ip host 255.255.255.255 any

access-list 100 deny   ip 127.0.0.0 0.255.255.255 any

access-list 100 permit ip any any

access-list 101 remark auto generated by SDM firewall configuration

access-list 101 remark SDM_ACL Category=1

access-list 101 permit udp host 203.197.12.30 eq domain host 121.243.96.154

access-list 101 permit ip 10.10.20.0 0.0.0.255 192.168.100.0 0.0.0.255

access-list 101 permit ip 10.10.10.0 0.0.0.255 192.168.100.0 0.0.0.255

access-list 101 deny   ip 192.168.100.0 0.0.0.255 any

access-list 101 deny   ip 10.0.0.0 0.255.255.255 any

access-list 101 deny   ip 172.16.0.0 0.15.255.255 any

access-list 101 deny   ip 192.168.0.0 0.0.255.255 any

access-list 101 deny   ip 127.0.0.0 0.255.255.255 any

access-list 101 deny   ip host 255.255.255.255 any

access-list 101 deny   ip host 0.0.0.0 any

access-list 101 deny   ip any any log

!        

!        

control-plane

!        

!        

line con 0

line aux 0

line vty 0 4

1 Accepted Solution

This inside network is also not in the NAT-definition. Add the following:

access-list 77 permit 192.168.100.0 0.0.0.255


Sent from Cisco Technical Support iPad App

Important things first:

Change your passwords immediately! You posted them in cleartext (type 7 IS cleartext) and, knowing your name, it's likely that any bad boy can log in to your router now.


Sent from Cisco Technical Support iPad App

And now regarding your problem:

Your NAT is wrong:
- On your outside interface Fa0/0 you need "ip nat outside".
- The NAT-list has to include the traffic from your PPTP pool:

access-list 77 permit 192.168.101.0 0.0.0.255



Sent from Cisco Technical Support iPad App
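
An offline check for the two NAT mistakes named in the reply above, plus the inside-LAN coverage raised in the accepted solution, as an added example that is not part of the original thread. The function name `audit_nat` and its finding strings are hypothetical, the sample is constructed from the NAT-relevant lines of the configuration in the first post, and only standard numbered ACLs with contiguous wildcard masks are handled.

```python
import ipaddress
import re

# Constructed sample: NAT-relevant lines taken from the configuration in the first post.
SAMPLE = """\
interface FastEthernet0/0
 ip address 222.124.152.181 255.255.255.224
 ip nat inside
interface FastEthernet0/1
 ip address 192.168.100.1 255.255.255.0
 ip nat inside
ip local pool PPTP_POOL 192.168.101.110 192.168.101.125
ip nat inside source list 77 pool fahrul overload
access-list 77 permit 192.168.2.0 0.0.0.255
"""

def audit_nat(config):
    """Hypothetical helper: list NAT role and NAT-ACL coverage problems."""
    roles, addrs, sources, acls, nat_acl, iface = {}, {}, {}, {}, None, None
    ip = ipaddress.ip_address
    for line in (l.strip() for l in config.splitlines()):
        if m := re.match(r"interface (\S+)", line):
            iface = m[1]
        elif m := re.match(r"ip address (\S+) (\S+)", line):
            addrs[iface] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif m := re.match(r"ip nat (inside|outside)$", line):
            roles[iface] = m[1]
        elif m := re.match(r"ip local pool (\S+) (\S+) (\S+)", line):
            sources["pool " + m[1]] = (ip(m[2]), ip(m[3]))  # VPN client range
        elif m := re.match(r"ip nat inside source list (\S+)", line):
            nat_acl = m[1]
        elif m := re.match(r"access-list (\d+) permit (\S+) (\S+)$", line):
            # Standard ACL entry; ipaddress accepts the wildcard as a host mask.
            acls.setdefault(m[1], []).append(ipaddress.ip_network(f"{m[2]}/{m[3]}"))
    # Private networks on 'ip nat inside' interfaces also need translation.
    for name, role in roles.items():
        net = addrs.get(name)
        if role == "inside" and net is not None and net.is_private:
            sources[name] = (net.network_address, net.broadcast_address)
    findings = []
    if "outside" not in roles.values():
        findings.append("no interface has 'ip nat outside'")
    for name, (lo, hi) in sources.items():
        if not any(lo in n and hi in n for n in acls.get(nat_acl, [])):
            findings.append(f"{name} ({lo}-{hi}) not permitted by NAT list {nat_acl}")
    return findings
```

Run against the sample, it reports the missing outside interface and that neither the PPTP pool nor the 192.168.100.0/24 LAN is matched by list 77; with `ip nat outside` on Fa0/0 and both `access-list 77` entries from the replies added, it returns no findings.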

Can you help me, guys?

Excuse me, why can't my client access the internet with my config?

(INTERNET)-------->[ROUTER]---->[CLIENT]

Client:

Ubuntu LTS 12.04

IP 192.168.100.2

Netmask 255.255.255.0

Gateway 192.168.100.1

DNS Server 202.134.1.10

Please help me

This inside network is also not in the NAT-definition. Add the following:

access-list 77 permit 192.168.100.0 0.0.0.255


Sent from Cisco Technical Support iPad App

I added
access-list 77 permit 192.168.100.0 0.0.0.255

The CLIENT does not connect to the Internet from the ROUTER.

version 12.4

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Router

!

boot-start-marker

boot system flash c1841-ipbasek9-mz.124-24.T.bin

boot-end-marker

!

logging message-counter syslog

enable secret 5 $1$eb9Q$7kMUF5Am0kVn/QXwssfrD/

!

aaa new-model

!

!

aaa authentication login default local

aaa authentication ppp default local

aaa authorization network default local

!

!

aaa session-id common

dot11 syslog

no ip source-route

!

!

!

!

ip cef   

ip name-server 202.134.1.10

ip name-server 202.134.0.155

multilink bundle-name authenticated

!

vpdn enable

!

vpdn-group PPTP

! Default PPTP VPDN group

accept-dialin

  protocol pptp

  virtual-template 1

!

!

!

!

!

username alauddin privilege 15 secret 5 $1$G03q$UwzLwisLrlanVnh6VCVZE.

username fakhrul privilege 15 secret 5 $1$gOx9$FrpywAJZISgjnwBfs2nyj/

archive

log config

  hidekeys

!

!

!

!

!

interface FastEthernet0/0

ip address 222.124.152.181 255.255.255.224

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

no mop enabled

!

interface FastEthernet0/1

description ===LOCAL===

ip address 192.168.100.1 255.255.255.0

ip access-group 100 in

ip flow ingress

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

!

interface Virtual-Template1

description ##PPTP TUNNEL##

ip unnumbered FastEthernet0/0

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

ip nat inside

ip virtual-reassembly

peer default ip address pool PPTP_POOL

no keepalive

ppp authentication pap ms-chap ms-chap-v2

!

router rip

network 192.168.100.0

network 222.124.152.0

!

ip local pool PPTP_POOL 192.168.101.110 192.168.101.125

ip default-gateway 222.124.152.161

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 222.124.152.161

!        

no ip http server

no ip http secure-server

!

!

ip access-list extended fahrul

remark SDM_ACL Category=18

permit ip 192.168.100.0 0.0.0.255 any

deny   ip 192.168.100.0 0.0.0.255 222.124.152.165 0.0.0.24

deny   ip 192.168.100.0 0.0.0.255 222.124.152.161 0.0.0.24

ip access-list extended vpn

permit ip 192.168.100.0 0.0.0.255 host 192.168.101.0

!

access-list 23 permit 10.10.20.0 0.0.0.255

access-list 77 permit 192.168.100.0 0.0.0.255

Excuse me, why can't my client access the internet with my config?

[CLIENT]<-----[ROUTER]<----(INTERNET)

Client:

Ubuntu LTS 12.04

IP 192.168.100.2

Netmask 255.255.255.0

Gateway 192.168.100.1

DNS Server 202.134.1.10

Please help me

What's wrong with my config? The internal host client can't access the internet...

I really appreciate your help