Question : Problem: CISCO 877 - VPN pass through (ip 47-GRE) and port forwarding (TCP 1723)
HELP! Got a CISCO 877 box with IOS version 12.4. For the life of me I cannot get the VPN to pass through. I can do it with NAT 1-1 but not with the access lists.
WAN: Cisco 877 ADSL Bridged
LAN: Linux VPN PPTP Server, Mac OS 10 FTP and Web Server, and MS Exchange for Mail.
I need to forward other ports to other servers, which is why NAT 1-1 is not good for me.
This is my current basic configuration file without the access lists:
!
version 12.4
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
!
hostname cisco
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$asdO7/$$Pzsf&$oJjail$$TotX9.
!
no aaa new-model
!
resource policy
!
clock summer-time ACST recurring last Sun Oct 2:00 last Sun Mar 2:00
ip subnet-zero
no ip source-route
ip cef
no ip dhcp use vrf connected
!
!
username cisco privilege 15 secret 5 mdf$mL$d6df369eLgfY1G1fg$hjhWQ.
!
!
!
bridge irb
!
!
interface ATM0
 description --- ADSL to Internet ---
 no ip address
 no ip mroute-cache
 no atm ilmi-keepalive
 pvc 8/35
  encapsulation aal5snap
  protocol ip inarp
 !
 dsl operating-mode itu-dmt
 bridge-group 1
 hold-queue 224 in
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
 ip address 10.10.12.50 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface BVI1
 description --- Bridging Interface ---
 ip address 203.194.32.133 255.255.255.252
 ip nat outside
 ip virtual-reassembly
!
ip classless
ip route 0.0.0.0 0.0.0.0 203.194.32.132
!
no ip http server
no ip http secure-server
ip nat inside source list 101 interface BVI1 overload
!
access-list 1 remark SDM_ACL Category=1
access-list 1 permit 10.10.12.96
access-list 101 remark SDM_ACL Category=18
access-list 101 permit ip 10.10.0.0 0.0.0.255 any
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 login local
!
scheduler max-task-time 5000
end
Any assistance appreciated.
Thank you
Answer : Problem: CISCO 877 - VPN pass through (ip 47-GRE) and port forwarding (TCP 1723)
Hmmmm... I don't know if the type of VPN server makes a difference, but you should be able to pass through PPTP without having to add any additional configuration. Prior to 12.1(4)T, you needed a one-to-one mapping for PPTP to work. But then the feature called NAT Support for PPTP in an Overload (Port Address Translation) came in, which allows you to establish multiple PPTP connections using PAT. See the following documents:
Configuring PPTP Through PAT to a Microsoft PPTP Server http://www.cisco.com/en/US/tech/tk827/tk369/technologies_configuration_example09186a00800949c0.shtml
NAT Support for PPTP in an Overload (Port Address Translation) Configuration http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/prod_bulletin09186a0080091abd.html#wp45349
You are already running 12.4, so that should work just fine unless they made some changes on the 12.4 code. Do you by any means have a valid CCO account? You can use the Feature Navigator tool at Cisco's support page to see if the feature set you have on your router supports this functionality.
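
An added example, not part of the original question or answer: a small Python audit of the NAT-relevant lines of the posted configuration. It checks whether the PAT overload ACL covers the `ip nat inside` subnet and whether TCP 1723 is statically forwarded to an inside host. The function names, the trimmed sample text and the `ip nat inside source static tcp ... 1723` line form the check looks for are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample: NAT-relevant lines taken from the configuration in the question.
SAMPLE_CONFIG = """\
interface Vlan1
 ip address 10.10.12.50 255.255.255.0
 ip nat inside
!
interface BVI1
 ip address 203.194.32.133 255.255.255.252
 ip nat outside
!
ip nat inside source list 101 interface BVI1 overload
access-list 101 permit ip 10.10.0.0 0.0.0.255 any
"""

def inside_networks(config):
    # Subnets of interfaces marked "ip nat inside" (blocks are separated by "!").
    nets = []
    for block in re.split(r"^![ \t]*$", config, flags=re.M):
        addr = re.search(r"^ ip address (\S+) (\S+)$", block, re.M)
        if addr and re.search(r"^ ip nat inside$", block, re.M):
            nets.append(ipaddress.ip_network(f"{addr[1]}/{addr[2]}", strict=False))
    return nets

def acl_networks(config, acl):
    # Source ranges of "permit ip <addr> <wildcard> any" entries; ip_network
    # accepts a contiguous Cisco wildcard as a host mask.
    pat = rf"^access-list {acl} permit ip (\S+) (\S+) any$"
    return [ipaddress.ip_network(f"{a}/{w}") for a, w in re.findall(pat, config, re.M)]

def pptp_forward(config):
    # Inside host that TCP 1723 is statically forwarded to, or None.
    m = re.search(r"^ip nat inside source static tcp (\S+) 1723 interface \S+ 1723",
                  config, re.M)
    return m[1] if m else None

def audit(config):
    findings = []
    acl = re.search(r"^ip nat inside source list (\S+) interface \S+ overload",
                    config, re.M)
    permitted = acl_networks(config, acl[1]) if acl else []
    for net in inside_networks(config):
        if not any(net.subnet_of(p) for p in permitted):
            findings.append(f"PAT ACL does not cover inside subnet {net}")
    if pptp_forward(config) is None:
        findings.append("no static TCP 1723 forward to an inside PPTP server")
    return findings
```

Calling `audit(SAMPLE_CONFIG)` returns both findings for the configuration as posted.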