Enabling GRE to connect MS PPTP vpn client to 871w

Unanswered Question
Mar 25th, 2007

I forgot to post back saying that I got my 871w to finally connect to the internet. Now I'm trying to use the "vpdn enable" process to connect the MS PPTP vpn client to the router. This is easy on a pix 501 but it's confusing as sh*t on the new 12.4 IOS the 871w ships with. I've tried the various articles that come up but I'm getting the "verying username and password" which is generally an indicator the GRE is not in play.

How do I enable GRE to connect, if anyone knows?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
jay.johnson1 Sun, 03/25/2007 - 06:15

Thanks for the effort. Unfortunately, this is the document I started with. I was able to configure my router for this, but it appears GRE is not making it through (I've seen this happen with SOHO routers such as Linksys).

Specifically, how do you enable GRE?

Paolo Bevilacqua Sun, 03/25/2007 - 06:45


If you have another router in the path (eg broadband/adsl router, NAT/PAT), it's up to this one to make that GRE get to the 871. Perhaps you have to configure port forwarding or something there, You can't do anything about it on the 871.

jay.johnson1 Sun, 03/25/2007 - 09:53

There's no other router in the path, nor have I mentioned that, in case I wasn't clear. This connection consists of a cable modem followed by the 871w, period.

On my second connection (ADSL), I have an adsl cable modem followed by a pix 501; after the 501 is a 1720 with a 1900 switch (with enterprise OS) plugged into the Fa port; from there, I have a Linksys WRV200 connected to one of the ports on the switch (it's running as an access point for my wireless clients only).

The connection I'm concerned about is the "871w" only.

Hope this clarifies things...


Paolo Bevilacqua Sun, 03/25/2007 - 12:16

Hi, if the cable modem gives a public address to the 871, you should be OK, it does not NAT.

Check out, if the client is on the other side of a PIX you should configure it to let GRE pass (protocol 47). And check no other element is doing NAT too, this ping from 871 to PC must be is successful and not using private addresses.


This Discussion