Question : Problem: Cisco 827-4V configuration explanation

Would someone be kind enough to explain the following router configuration from a Cisco 827-4V router.  I have (hopefully) changed it enough to provide anonymity while still allowing this to be done.

Current configuration:
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname
!
enable secret 5 123456789012345678901234567890
!
!
!
!
!
clock timezone NZST 12
clock summer-time NZST recurring 1 Sun Oct 2:00 3 Sun Mar 2:00
ip subnet-zero
!
!
!
!
interface Ethernet0
 ip address S> 255.255.255.0
 ip access-group 150 in
 no ip directed-broadcast
 no ip proxy-arp
 ip nat inside
 no cdp enable
!
interface ATM0
 no ip address
 no ip directed-broadcast
 no atm ilmi-keepalive
 pvc 0/100
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 bundle-enable
 hold-queue 224 in
!
interface Dialer0
 ip address negotiated
 ip access-group 100 in
 no ip directed-broadcast
 ip nat outside
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp pap sent-username password 7 123456789012345678901234
77
!
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 110 110 extendable
ip nat inside source static tcp 25 25 extendable
ip nat inside source static tcp DRESS> 20 20 extendable
ip nat inside source static tcp DRESS> 21 21 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
!
access-list 1 permit 192.168.???.0 0.0.0.255
access-list 100 permit tcp any host eq pop3
access-list 100 permit tcp any host eq smtp
access-list 100 permit tcp host host eq ftp
access-list 100 permit tcp host host eq ftp-data
access-list 100 permit tcp host NER> host eq ftp
access-list 100 permit tcp host NER> host eq ftp-data
access-list 100 permit udp any gt 1023 any eq domain
access-list 100 permit udp any eq domain any gt 1023
access-list 100 permit icmp any any echo-reply
access-list 100 permit icmp any any echo
access-list 100 permit icmp any any traceroute
access-list 100 permit icmp any any unreachable
access-list 100 permit tcp any any established
access-list 100 deny   ip 192.168.???.0 0.0.0.255 any
access-list 100 permit tcp any host eq ftp
access-list 100 permit tcp any host eq ftp-data
access-list 150 permit ip host any
access-list 150 permit tcp any any eq smtp
access-list 150 permit ip host DRESS> any
dialer-list 1 protocol ip permit
no cdp run
banner motd ^C
**********************************************************
**** Unauthorized Access To This System Is Prohibited ****
**********************************************************^C
!
line con 0
 transport input none
 stopbits 1
line vty 0 4
 access-class 1 in
 password 7 12345678901234567890123456
 login
!
scheduler max-task-time 5000
end
 

Answer : Problem: Cisco 827-4V configuration explanation

You can't increase the point value. 500 is the max.
If you have a PPTP server inside the network, you must have a 1-to-1 static NAT, so you will need a public IP address to dedicate to the server. Since everything else is using the dynamic interface address, I'm assuming that you don't have a 2nd dedicated IP address that you can use.

Microsoft VPN Network Server

Microsoft's story:
PPTP traffic consists of a TCP connection for tunnel maintenance and GRE encapsulation for tunneled data. The TCP connection is NAT-translatable because the source TCP port numbers can be transparently translated. However, the GRE-encapsulated data is not NAT-translatable.

From Cisco documentation:
Because the connection is initiated as TCP on one port and the response is GRE protocol, it is necessary to configure ACLs to allow the return traffic into the PIX, as the PIX Adaptive Security Algorithm (ASA) does not know the traffic flows are related. PPTP through the PIX with NAT (one-to-one address mapping) works because the PIX uses the port information in the TCP or User Datagram Protocol (UDP) header to keep track of translation. PPTP through the PIX with Port Address Translation (PAT) does not work because there is no concept of ports in GRE.

References:
http://www.microsoft.com/windows2000/technologies/communications/vpn/default.asp
http://support.microsoft.com/default.aspx?scid=kb;en-us;308208
http://www.microsoft.com/windows2000/techinfo/reskit/en-us/default.asp?url=/windows2000/techinfo/reskit/en-us/intwork/inbe_vpn_hidv.asp
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/columns/cableguy/cg0103.asp
http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/columns/tips/15tipsfo.asp

An access-list won't help you until you get the IP address, then:
-log in
-enable
-config term
-access-list 100 permit gre any host
-access-list 100 permit tcp any host eq 1723

Yes, copy command is correct:
router# copy run start  <--shortcuts usually work

To start over with blank config:
router#write erase
- confirm
router# reload
- Save config? NO
- confirm reload
(router reboots with blank config)
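
An added example, not part of the original answer: a first-match evaluator for a small subset of IOS extended ACL syntax. It shows that a list shaped like access-list 100 above drops inbound PPTP (TCP 1723 and GRE) until the two suggested entries are appended, and that the earlier deny for the inside range still wins over them. The addresses 203.0.113.10, 198.51.100.7 and 192.168.1.0 are constructed placeholders for the elided ones, and "established" is modelled as the ACK flag only.

```python
import ipaddress

PORTS = {"smtp": 25, "domain": 53}  # only the named ports the sample uses
def _addr(tok):
    """Consume 'any' | 'host A' | 'A WILDCARD' from tok; return a matcher."""
    if tok[0] == "any":
        del tok[:1]
        return lambda ip: True
    base, wild = (tok[1], "0.0.0.0") if tok[0] == "host" else (tok[0], tok[1])
    del tok[:2]
    b, w = int(ipaddress.ip_address(base)), int(ipaddress.ip_address(wild))
    return lambda ip: (int(ipaddress.ip_address(ip)) | w) == (b | w)

def _port(tok):
    """Consume an optional 'eq N' / 'gt N' from tok; return a matcher."""
    if not tok or tok[0] not in ("eq", "gt"):
        return lambda p: True          # no port qualifier (or GRE/IP entry)
    op, n = tok[0], PORTS.get(tok[1]) or int(tok[1])
    del tok[:2]
    return (lambda p: p == n) if op == "eq" else (lambda p: p is not None and p > n)

def parse(line):
    tok = line.split()[2:]             # drop "access-list <number>"
    action, proto = tok[0], tok[1]
    del tok[:2]
    return action, proto, _addr(tok), _port(tok), _addr(tok), _port(tok), "established" in tok

def evaluate(acl, pkt):
    """First matching entry wins; an unmatched packet hits the implicit deny."""
    for action, proto, src, sport, dst, dport, est in map(parse, acl):
        if proto not in ("ip", pkt["proto"]) or (est and not pkt.get("ack")):
            continue
        if src(pkt["src"]) and sport(pkt.get("sport")) and dst(pkt["dst"]) and dport(pkt.get("dport")):
            return action
    return "deny"

SERVER, CLIENT = "203.0.113.10", "198.51.100.7"   # constructed placeholder addresses
BASE_ACL = [
    f"access-list 100 permit tcp any host {SERVER} eq smtp",
    "access-list 100 permit udp any eq domain any gt 1023",
    "access-list 100 permit tcp any any established",
    "access-list 100 deny ip 192.168.1.0 0.0.0.255 any",
]
PPTP_LINES = [f"access-list 100 permit gre any host {SERVER}",
              f"access-list 100 permit tcp any host {SERVER} eq 1723"]
SYN = {"proto": "tcp", "src": CLIENT, "sport": 40000, "dst": SERVER, "dport": 1723}
GRE = {"proto": "gre", "src": CLIENT, "dst": SERVER}   # GRE carries no ports
for name, acl in (("before", BASE_ACL), ("after", BASE_ACL + PPTP_LINES)):
    print(name, "SYN->1723:", evaluate(acl, SYN), "GRE:", evaluate(acl, GRE))
```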