HPE Community
Switches, Hubs, and Modems
1823147 Members
3511 Online
109647 Solutions
New Discussion юеВ

Re: Internet access through VPN

 
Jason Luckett
Frequent Advisor

тАО11-08-2006 08:51 PM

тАО11-08-2006 08:51 PM

Internet access through VPN

Hi all

I have configured my 7102dl at home for VPN access, but can't seem to get internet access to work when I have VPN'd into my home network.

I can get internet access out when on the local LAN, I have set up the 7102dl to do DHCP and DNS Proxy.

I can access and ping everything on the network when VPN'd in but can't get the internet working.

I have attached my config for you to have a look at.

any help would be gratefully appreciated.

Regards,

Jase
0 Kudos
4 REPLIES 4
Mohieddin Kharnoub
Honored Contributor

тАО11-09-2006 05:34 PM

тАО11-09-2006 05:34 PM

Re: Internet access through VPN

Hi

Once you get VPN connect you will get an IP in this range: 192.168.1.1 - 254, and DNS 192.168.0.1 , and if you notice that the ACLs control your interfaces.

The Public policy controls your VPN, and notice that it won;t allow your traffic through VPN to Internet, but only to LAN.

In the ACL VPN-to-LAN you can notice that :
ip access-list extended VPN-to-LAN
permit ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.0.255

I believe if you add this line:
permit ip 192.168.1.0 0.0.0.255 0.0.0.0 0.0.0.0

or
permit ip any any

Unless you have some other security reasons not to allow VPN users to go anywhere, this line will solve your problem -i believe so :)

Good Luck !!!
Science for Everyone
0 Kudos
Matt Hobbs
Honored Contributor

тАО11-09-2006 05:44 PM

тАО11-09-2006 05:44 PM

Re: Internet access through VPN

The problem is that the "nat source list Internet interface ppp 1 overload" belongs to ACP Private, which belongs to eth 0/1.

To me it seems like you would need to setup a new nat source line to go into the Public ACP since the VPN doesn't really have it's own interface to apply it to. Not sure if that will work or not though.

Most setups will have a proxy server for Internet access for users once they have VPN'd in.

Alternatively, depending on the VPN client you're using some can do split tunneling, the traffic that needs to go to the VPN will go through the VPN, and traffic that needs to go to the Internet will go straight out.

It's an interesting problem though and something I want to try out myself in the near future.
0 Kudos
OLARU Dan
Trusted Contributor

тАО11-09-2006 10:23 PM

тАО11-09-2006 10:23 PM

Re: Internet access through VPN

Or you might try to reserve in DHCP one IP that will be assigned to your computer when it connects inside, and use that IP only to get to internet, for instance:

permit ip host 192.168.1.10 any
0 Kudos
Jason Luckett
Frequent Advisor

тАО11-12-2006 10:22 PM

тАО11-12-2006 10:22 PM

Re: Internet access through VPN

Hi Mohieddin,

I changed the ACL to add the access to any, like you said but it still does not work,

I will try what Matt has sugested, and see if that works.

Many thanks for your input though.

Regards,

Jase
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.