2 questions about PPTP VPN on 878

Unanswered Question
May 14th, 2007


I've configured my 878 router as a PPTP VPN server. It works very fine and very quickly. Using the XP VPN client from a remote site, I can "see" all servers in my network.

2 questions

1) When doing telnet on the 878 through the VPN, it is very slow.

2) I would have to get access to the internet through the VPN. But this does not work.

What should I change in this config :

Thanks in advance,


version 12.3

no service pad

service timestamps debug datetime localtime show-timezone

service timestamps log datetime localtime show-timezone

service password-encryption

service linenumber

service sequence-numbers


hostname ineo-21029





no logging buffered

enable secret 5 .....


username ...

aaa new-model



aaa authentication login default local

aaa authorization exec default local

aaa session-id common

ip subnet-zero

no ip cef

no ip dhcp use class



ip name-server

ip name-server

ip port-map ms-sql port 1433

vpdn enable


vpdn-group 1

! Default PPTP VPDN group


protocol pptp

virtual-template 1


no ftp-server write-enable

isdn switch-type basic-net3


controller DSL 0

mode atm

line-term cpe

line-mode 2-wire line-zero

dsl-mode shdsl symmetric annex B

line-rate auto


interface BRI0

no ip address


isdn switch-type basic-net3


interface ATM0

description === to PE/Router ====

no ip address

ip accounting output-packets

load-interval 30

no atm ilmi-keepalive


interface ATM0.1 point-to-point

description $ES_WAN$

pvc 8/35

oam-pvc manage 5

oam-pvc manage cc end direction both

oam retry 3 3 1

oam retry cc end 3 3 30

encapsulation aal5mux ppp dialer

dialer pool-member 1



interface FastEthernet0

no ip address


interface FastEthernet1

no ip address


interface FastEthernet2

no ip address


interface FastEthernet3

no ip address


interface Virtual-Template1

ip unnumbered Vlan1

peer default ip address pool test

no keepalive

ppp encrypt mppe auto

ppp authentication pap chap ms-chap ms-chap-v2


interface Vlan1

description $FW_INSIDE$

ip address

ip nat inside

ip virtual-reassembly


interface Dialer1

description $FW_OUTSIDE$

ip address negotiated

ip nat outside

ip virtual-reassembly

encapsulation ppp

dialer pool 1

dialer-group 1

no cdp enable

ppp chap hostname ....

ppp chap password ....

ppp pap sent-username ....


ip local pool test

ip classless

ip route Dialer1


ip http server

no ip http secure-server

ip nat inside source list 101 interface Dialer1 overload


access-list 101 permit ip any

dialer-list 1 protocol ip permit




line con 0

exec-timeout 120 0

no modem enable

transport preferred all

transport output all

stopbits 1

line aux 0

transport preferred all

transport output all

line vty 0 4

access-class 113 in

exec-timeout 0 0

transport preferred all

transport input all

transport output all


scheduler max-task-time 5000

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
thomas.chen Fri, 05/18/2007 - 10:31

I think for the slow telnet problem you are running into an MTU issue. Because IPSec adds overhead, sometimes packets are dropped because they are too large. Try to lower the MTU on the devices and then try telnet. Regarding your second question, VPN is used to get a private network running over the internet, so you wont need VPN to access the internet.

guy.colsoul@ineo.be Sun, 05/20/2007 - 22:50

Thanks for this message.

Finding no solution to my problem, i've switched to other tools : Easy VPN server in the router + Cisco VPN client. My 2 questions have now received a positive answer.

I was very important for me to get Internet acess through the VPN. Because we rent a dedicated server, located somewhere, and the access to this server is firewall-protected on our public IP address. Thus, when i'm outside and want to manage this serveur, i've to connect via VPN at our central office first.

Best regards,



This Discussion