PPTP Server - getting out to the internet

Security problems (VPN, firewall, IDS/IPS etc.)
umbro
wannabe
Posts: 321
Registered: 07 Mar 2009, 21:20


#1 Post by umbro »

Hi,
I'm looking for information on how I can solve the following problem.
I have a PPTP server set up on a Cisco; everything works fine, but it turns out that clients connecting over the VPN from Windows lose the ability to browse the internet.

Code:

sh run
Building configuration...

Current configuration : 6365 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname yourname
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-1199699675
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1199699675
 revocation-check none
 rsakeypair TP-self-signed-1199699675
!
!
crypto pki certificate chain TP-self-signed-1199699675
 certificate self-signed 01
  3082024F 308201B8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 31313939 36393936 3735301E 170D3032 30333134 30303135
  34395A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 31393936
  39393637 3530819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100A30C 588DD444 4C17E026 077AE454 4458BD87 14D2EC3A 4214D079 4C799B0E
  3686D9F8 614BB582 21E7148D 05E9E229 E92C9484 CA957B49 C4A61B91 6346A049
  7B18DBB9 11EFE143 314C7788 BAAC8C47 F983734D 11EB1453 08CA8EB5 6F41A5CE
  515EF0D8 D579D5BF F54C6DA0 E60EEB78 8C07995E 8C9500B0 131E46C7 674925C2
  1B610203 010001A3 77307530 0F060355 1D130101 FF040530 030101FF 30220603
  551D1104 1B301982 17796F75 726E616D 652E796F 7572646F 6D61696E 2E636F6D
  301F0603 551D2304 18301680 14313D8A 9D8F9C95 658E2A43 0300ED5F 23425A30
  25301D06 03551D0E 04160414 313D8A9D 8F9C9565 8E2A4303 00ED5F23 425A3025
  300D0609 2A864886 F70D0101 04050003 8181009A CF199046 AF3D6C56 A9C4FC24
  88F57E5A CF04CEC0 7593A856 3B9C64E3 0F99195B 6307D04F 7B2A21F7 2F011528
  99F2DD10 E671E406 2F01DA7C 0B22621E D6F56895 4BACD12A D8983BE6 95150B29
  732E52F2 47D8D47A CC91A820 62DDA662 4E4824A1 EBE80ABB 662089F4 C6A84D17
  54E206AA DE1C7105 382D1BD8 ACD8E004 76FCBD
        quit
dot11 syslog
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool audioartDHCP
   network 172.18.47.0 255.255.255.0
   default-router 172.18.47.1
   dns-server 87.204.204.204 62.233.233.233
!
!
no ip domain lookup
ip domain name yourdomain.com
!
multilink bundle-name authenticated
vpdn enable
!
vpdn-group 1
! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1
!
!
!
username x privilege 15 secret 5 $1$Cx
username pawel password 7 111x
!
!
crypto isakmp policy 1
 encr aes 256
 authentication pre-share
 group 2
 lifetime 1440
crypto isakmp key xx address 195.x
!
!
crypto ipsec transform-set TS esp-aes esp-sha-hmac
crypto ipsec transform-set TS1 ah-sha-hmac esp-aes 256
crypto ipsec transform-set TS2 esp-3des esp-sha-hmac
crypto ipsec transform-set TS3 esp-aes 256 esp-sha-hmac
!
crypto map CMAP 10 ipsec-isakmp
 set peer 195.x
 set transform-set TS3
 set pfs group2
 match address VPN-TRAFFIC
!
archive
 log config
  hidekeys
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 mac-address 000e.7b98.ad2c
 ip address dhcp client-id FastEthernet4
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 crypto map CMAP
!
interface Virtual-Template1
 ip unnumbered FastEthernet4
 peer default ip address pool PPTP-Pool
 no keepalive
 ppp encrypt mppe 128
 ppp authentication ms-chap ms-chap-v2
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
 ip address 172.18.47.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
ip local pool PPTP-Pool 172.18.47.30 172.18.47.35
ip forward-protocol nd
!
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 100 interface FastEthernet4 overload
!
ip access-list extended VPN-TRAFFIC
 permit ip 172.18.47.0 0.0.0.255 172.16.0.0 0.15.255.255
 permit ip 192.168.0.0 0.0.0.255 172.16.0.0 0.15.255.255
!
access-list 23 permit any
access-list 100 deny   ip 172.18.47.0 0.0.0.255 172.16.0.0 0.15.255.255
access-list 100 deny   ip 192.168.0.0 0.0.0.255 172.16.0.0 0.15.255.255
access-list 100 permit ip 172.18.47.0 0.0.0.255 any
access-list 100 permit ip 192.168.0.0 0.0.0.255 any
no cdp run
!
!
!
!
control-plane
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for  one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username <myuser> privilege 15 secret 0 <mypassword>

Replace <myuser> and <mypassword> with the username and password you
want to use.

-----------------------------------------------------------------------

yourname#relo
yourname#reload cancel
yourname#


***
*** --- SHUTDOWN ABORTED ---
***
Things can always be more fucked up, so let's enjoy the way they are now.

pawel80
member
Posts: 39
Registered: 22 Oct 2012, 11:45

#2 Post by pawel80 »

Two options (depending on what you want to achieve):
1. ip nat inside on the Virtual-Template1 interface
2. In the properties of the PPTP connection in Windows, untick "use default gateway on remote network"
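Option 1 above can be verified against a running-config before and after the change. The script below is an added example, not code from the thread: it parses the relevant lines of the poster's `sh run` (embedded as a constructed excerpt), finds every interface that hands out addresses from an `ip local pool`, and reports when that interface is not marked `ip nat inside` or when the pool addresses would not be matched by the ACL behind `ip nat inside source list ... overload` for an internet-bound packet. The function names and the documentation address 203.0.113.10 used as "some internet host" are this script's own assumptions. Option 2 is a client-side Windows setting that no router-side check can see.

```python
"""Check a Cisco IOS config excerpt for PPTP clients that will not be NAT-translated.

Added example for the forum thread, not the poster's or Cisco's code.  CONFIG_BEFORE is a
constructed excerpt of the poster's `sh run`, trimmed to the lines this check needs.
"""
import ipaddress
import re

CONFIG_BEFORE = """\
interface FastEthernet4
 ip address dhcp client-id FastEthernet4
 ip nat outside
!
interface Virtual-Template1
 ip unnumbered FastEthernet4
 peer default ip address pool PPTP-Pool
 ppp encrypt mppe 128
!
interface Vlan1
 ip address 172.18.47.1 255.255.255.0
 ip nat inside
!
ip local pool PPTP-Pool 172.18.47.30 172.18.47.35
ip nat inside source list 100 interface FastEthernet4 overload
access-list 100 deny   ip 172.18.47.0 0.0.0.255 172.16.0.0 0.15.255.255
access-list 100 permit ip 172.18.47.0 0.0.0.255 any
"""

# Option 1 from the reply: the same excerpt with `ip nat inside` on the virtual template.
CONFIG_AFTER = CONFIG_BEFORE.replace(
    " peer default ip address pool PPTP-Pool\n",
    " peer default ip address pool PPTP-Pool\n ip nat inside\n",
)

INTERNET_HOST = ipaddress.ip_address("203.0.113.10")  # constructed: an arbitrary outside address


def parse_interfaces(config):
    """Return {interface name: [sub-commands]} for every `interface` block."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or a global command ends the block
    return interfaces


def parse_pools(config):
    """Return {pool name: (first address, last address)} from `ip local pool` lines."""
    return {
        m.group(1): (ipaddress.ip_address(m.group(2)), ipaddress.ip_address(m.group(3)))
        for m in re.finditer(r"^ip local pool (\S+) (\S+) (\S+)", config, re.M)
    }


def _take_addr(tokens):
    """Consume one ACL address spec (any | host A | A wildcard) and return (network, rest)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    # IOS wildcard masks are inverted netmasks: 0.0.0.255 -> 255.255.255.0
    mask = (~int(ipaddress.ip_address(tokens[1]))) & 0xFFFFFFFF
    net = ipaddress.ip_network(f"{tokens[0]}/{ipaddress.ip_address(mask)}", strict=False)
    return net, tokens[2:]


def parse_acl(config, number):
    """Return [(action, src network, dst network)] for the numbered extended ACL, in order."""
    entries = []
    for line in config.splitlines():
        tokens = line.split()
        if len(tokens) < 5 or tokens[:2] != ["access-list", number]:
            continue
        action, rest = tokens[2], tokens[4:]  # tokens[3] is the protocol keyword
        src, rest = _take_addr(rest)
        dst, _ = _take_addr(rest)
        entries.append((action, src, dst))
    return entries


def acl_permits(entries, src, dst):
    """First-match evaluation with the implicit deny at the end, as IOS does."""
    for action, s, d in entries:
        if src in s and dst in d:
            return action == "permit"
    return False


def check_pptp_nat(config, internet_host=INTERNET_HOST):
    """Return findings for pool-serving interfaces; an empty list means clients get translated."""
    findings = []
    pools = parse_pools(config)
    m = re.search(r"^ip nat inside source list (\d+) ", config, re.M)
    nat_acl = parse_acl(config, m.group(1)) if m else []
    for name, lines in parse_interfaces(config).items():
        pool_names = [l.split()[-1] for l in lines if l.startswith("peer default ip address pool ")]
        if not pool_names:
            continue
        if "ip nat inside" not in lines:
            findings.append(f"{name}: hands out pool {pool_names[0]} but lacks 'ip nat inside'")
        for pool in pool_names:
            first, last = pools[pool]
            for n in range(int(first), int(last) + 1):
                addr = ipaddress.ip_address(n)
                if not acl_permits(nat_acl, addr, internet_host):
                    findings.append(f"{name}: pool address {addr} is not matched by NAT ACL {m.group(1) if m else '?'}")
    return findings


if __name__ == "__main__":
    for label, cfg in (("before", CONFIG_BEFORE), ("after", CONFIG_AFTER)):
        print(label, check_pptp_nat(cfg) or "OK")
```

In the poster's config the pool 172.18.47.30-35 sits inside the 172.18.47.0/24 source that ACL 100 already permits, so the only finding is the missing `ip nat inside` on Virtual-Template1; once that line is added the check is clean. Had the pool been taken from a range outside the ACL, the second branch would have reported each untranslated address.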
