Re: Cico 800 (836) VPN to Internet NAT

Merv a écrit :
On May 11, 3:41 pm, HangaS <mafo...@xxxxxxxxx> wrote:
Hi,

I've been struglin for this for a long while.
I've done tons of searches and haven't found a solution on how to
solve this.
Even read all the Cisco documentation on VPDNs, but no help on this
particular issue.

This is my issue:

I have this cisco 836 providing NAT for all the internal networks.
Everything working fine.
I also have a VPN that is working normaly for the internal networks
only. A client connected
to the VPN can access the internal network without problems.

However the VPN users can't access the internet and I have no ideia
where the packets are being droped.
I realy wanted the VPN network to be NATed to the outside, just like
any other internal network.



take a look at this Cisco doc

Router and VPN Client for Public Internet on a Stick Configuration
Example

http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_configuration_example09186a008073b06b.shtml




I posted this early in the morning :
HangaS a écrit :
> Hi Merv,
>
> I have come across this doc before, but found others that introduce me
> to split-tunneling.
>
> I didn't want to use a crypto-map neither to use the Cisco VPN client.
> I wanted to use the default Windows client in a next-next-finish
> config maner.
>
> Anyway I tryed to adapt the solution from this doc to my setup. I had
> tryed a similar one before with the loopback interface for the split
> tunnel, but the route-map had a set ip next-hop instead of a set
> interface.
>
> I did some troubleshooting and I fhat the packets are being
> NATed to the internet, reach the target host which sends a reply back
> to the outside IP address of my router but seems that the reply is not
> being traslated back to the VPN network. (altough there is an entry
> for in the 'show ip nat translation' list.
>
> Now I just read in some forum while looking for 'vpdn split tunnel'
> that I can't use split tunniling with pptp? is this true?
>
>
>
>
> On May 11, 9:38 pm, Merv <merv.hr...@xxxxxxxxxx> wrote:
>
>> take a look at this Cisco doc
>>
>> Router and VPN Client for Public Internet on a Stick Configuration
>> Example
>>
>> http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_config...- Hide quoted text -
>>
>> - Show quoted text -
>
Split tunneling can't be set with pptp as it is the responsability of
the vpn client to manage access w/wo a policy pushed by the routeur
(tunnel end point on branch side)
You have to manage static routes on the client side, as with pptp the
default gw alwaysdefaults to the pptp address (make a route print on
your client)
I hab a batch to modify it. I'll try to find quickly and post it here

Hope this helps

Daniel






.

Relevant Pages

  • RE: VPN and Cisco +IIOP question
    ... Leon is right in that the Cisco VPN Client 1.1a won't work with ... Win2k/XP, and the version 3 client won't work with a router based vpn, ... If you are not the intended recipient or the person ... VPN and Cisco +IIOP question ...
    (Security-Basics)
  • Re: Cant start DHCP Service - fixed
    ... Cisco 3000 VPN client...at least I think so...my network ... 3000 VPN client installs components of ZoneLabs' ... ZoneAlarm firewall. ...
    (microsoft.public.windowsxp.network_web)
  • Re: [opensuse] Connection Question
    ... with the cisco vpn because it takes over your routing and hostname lookups. ... Now I can connect to my work network from any machine behind my router, ... I run the VPN client from the ...
    (SuSE)
  • How to Install Cisco VPN Client 4.0.4B in Fedora Core 2
    ... I'm triying to install Cisco VPN Client 4.0.4B ... > Secure VPN Connection terminated locally by the Client ...
    (Fedora)
  • Re: Cico 800 (836) VPN to Internet NAT
    ... I've done tons of searches and haven't found a solution on how to ... I have this cisco 836 providing NAT for all the internal networks. ... I also have a VPN that is working normaly for the internal networks ...
    (comp.dcom.sys.cisco)
Loading