Question : Problem: CISCO 877 - VPN pass through (ip 47-GRE) and port forwarding (TCP 1723)

HELP! Got a CISCO 877 Box with IOS Version 12.4 .
For the life of me I cannot get the VPN to pass through. I can dot it NAT 1-1 but not with the access-list's
WAN: Cisco 877 ADSL Bridged
LAN: Linux VPN PPTP Server, Mac OS 10 FTP and Web Server, and MS Exchange for Mail.
I need to forward other ports to other servers which is why NAT 1-1 is not good for me.

This is my current basic configuration file with out the access list's:

!
version 12.4
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
!
hostname cisco
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$asdO7/$$Pzsf&$oJjail$$TotX9.
!
no aaa new-model
!
resource policy
!
clock summer-time ACST recurring last Sun Oct 2:00 last Sun Mar 2:00
ip subnet-zero
no ip source-route
ip cef
no ip dhcp use vrf connected

!
!
username cisco privilege 15 secret 5 mdf$mL$d6df369eLgfY1G1fg$hjhWQ.
!
!
!
bridge irb
!
!
interface ATM0
description --- ADSL to Internet ---
no ip address
no ip mroute-cache
no atm ilmi-keepalive
pvc 8/35
encapsulation aal5snap
protocol ip inarp
!
dsl operating-mode itu-dmt
bridge-group 1
hold-queue 224 in
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
ip address 10.10.12.50 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface BVI1
description --- Bridging Interface ---
ip address 203.194.32.133 255.255.255.252
ip nat outside
ip virtual-reassembly
!
ip classless
ip route 0.0.0.0 0.0.0.0 203.194.32.132
!
no ip http server
no ip http secure-server
ip nat inside source list 101 interface BVI1 overload
!
access-list 1 remark SDM_ACL Category=1
access-list 1 permit 10.10.12.96
access-list 101 remark SDM_ACL Category=18
access-list 101 permit ip 10.10.0.0 0.0.0.255 any
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
no modem enable
line aux 0
line vty 0 4
login local
!
scheduler max-task-time 5000
end

Any assistance apreciated.

Thank you

Answer : Problem: CISCO 877 - VPN pass through (ip 47-GRE) and port forwarding (TCP 1723)

Hmmmm... I don't know if the type of VPN server makes a difference, but you should be able to pass through PPTP without having to add any additional configuration. Prior to 12.1(4)T, you need a one is to one mapping for PPTP to work. But then the feature called NATSupport for PPTP in an Overload (Port Address Translation) came in which allows you to establish multiple PPTP connections using PAT. See the following documents:

Configuring PPTP Through PAT to a Microsoft PPTP Server
http://www.cisco.com/en/US/tech/tk827/tk369/technologies_configuration_example09186a00800949c0.shtml

NATSupport for PPTP in an Overload (Port Address Translation) Configuration
http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/prod_bulletin09186a0080091abd.html#wp45349

You are already running 12.4, so that should work just fine unless they made some changes on the 12.4 code. Do you by any means have a valid CCO account? You can use the Feature Navigator tool at Cisco's support page to see if the feature set you have on your router supports this functionality.

Random Solutions

Problem: Security Appliance (Firewall/VPN) Recommendations for a SMB

Problem: VHDCI and SCSI port

Problem: Toshiba Satellite A70-S249 suddenly powers down

Problem: 2 wireless routers - disconnecting

Problem: Tohiba Satellite Pro A100 - memory card replacement

Problem: Converting Laptop to Voltage in South America

Problem: HELP! No sound. I have ONE yellow exclamation point in my Device Manager.

Problem: RAID configuration

Problem: Creative Blaster problem