2 questions about PPTP VPN on 878

Unanswered Question

Hello,

I've configured my 878 router as a PPTP VPN server. It works very fine and very quickly. Using the XP VPN client from a remote site, I can "see" all servers in my network.

2 questions

1) When doing telnet on the 878 through the VPN, it is very slow.

2) I would have to get access to the internet through the VPN. But this does not work.

What should I change in this config :

Thanks in advance,

Guy

version 12.3

no service pad

service timestamps debug datetime localtime show-timezone

service timestamps log datetime localtime show-timezone

service password-encryption

service linenumber

service sequence-numbers

!

hostname ineo-21029

!

boot-start-marker

boot-end-marker

!

no logging buffered

enable secret 5 .....

!

username ...

aaa new-model

!

!

aaa authentication login default local

aaa authorization exec default local

aaa session-id common

ip subnet-zero

no ip cef

no ip dhcp use class

!

!

ip name-server 212.100.160.51

ip name-server 212.100.160.52

ip port-map ms-sql port 1433

vpdn enable

!

vpdn-group 1

! Default PPTP VPDN group

accept-dialin

protocol pptp

virtual-template 1

!

no ftp-server write-enable

isdn switch-type basic-net3

!

controller DSL 0

mode atm

line-term cpe

line-mode 2-wire line-zero

dsl-mode shdsl symmetric annex B

line-rate auto

!

interface BRI0

no ip address

shutdown

isdn switch-type basic-net3

!

interface ATM0

description === to PE/Router ====

no ip address

ip accounting output-packets

load-interval 30

no atm ilmi-keepalive

!

interface ATM0.1 point-to-point

description $ES_WAN$

pvc 8/35

oam-pvc manage 5

oam-pvc manage cc end direction both

oam retry 3 3 1

oam retry cc end 3 3 30

encapsulation aal5mux ppp dialer

dialer pool-member 1

!

!

interface FastEthernet0

no ip address

!

interface FastEthernet1

no ip address

!

interface FastEthernet2

no ip address

!

interface FastEthernet3

no ip address

!

interface Virtual-Template1

ip unnumbered Vlan1

peer default ip address pool test

no keepalive

ppp encrypt mppe auto

ppp authentication pap chap ms-chap ms-chap-v2

!

interface Vlan1

description $FW_INSIDE$

ip address 192.168.2.2 255.255.255.0

ip nat inside

ip virtual-reassembly

!

interface Dialer1

description $FW_OUTSIDE$

ip address negotiated

ip nat outside

ip virtual-reassembly

encapsulation ppp

dialer pool 1

dialer-group 1

no cdp enable

ppp chap hostname ....

ppp chap password ....

ppp pap sent-username ....

!

ip local pool test 192.168.2.240 192.168.2.250

ip classless

ip route 0.0.0.0 0.0.0.0 Dialer1

!

ip http server

no ip http secure-server

ip nat inside source list 101 interface Dialer1 overload

!

access-list 101 permit ip 192.168.2.0 0.0.0.255 any

dialer-list 1 protocol ip permit

!

control-plane

!

line con 0

exec-timeout 120 0

no modem enable

transport preferred all

transport output all

stopbits 1

line aux 0

transport preferred all

transport output all

line vty 0 4

access-class 113 in

exec-timeout 0 0

transport preferred all

transport input all

transport output all

!

scheduler max-task-time 5000

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
thomas.chen Fri, 05/18/2007 - 10:31

I think for the slow telnet problem you are running into an MTU issue. Because IPSec adds overhead, sometimes packets are dropped because they are too large. Try to lower the MTU on the devices and then try telnet. Regarding your second question, VPN is used to get a private network running over the internet, so you wont need VPN to access the internet.

Thanks for this message.

Finding no solution to my problem, i've switched to other tools : Easy VPN server in the router + Cisco VPN client. My 2 questions have now received a positive answer.

I was very important for me to get Internet acess through the VPN. Because we rent a dedicated server, located somewhere, and the access to this server is firewall-protected on our public IP address. Thus, when i'm outside and want to manage this serveur, i've to connect via VPN at our central office first.

Best regards,

Guy

Actions

This Discussion