07-24-2007 11:47 AM - edited 03-03-2019 06:00 PM
Hi all. I have a branch location that needs its employees to have the ability to create PPTP VPN connections to connect to public servers, etc. The 2610 router currently has a box to box vpn connection to HQ. How can I allow all LAN nodes to pass the GRE and PPTP traffic? I don't have any access lists applied to the LAN interface.
crypto map nolan 9 ipsec-isakmp
 set peer xx
 set transform-set sharks
 match address 153
crypto map nolan 10 ipsec-isakmp
 set peer xx
 set transform-set sharks
 match address 101
!
!
!
!
!
!
interface Loopback1
 ip address 170.1.1.97 255.255.255.0
!
interface Tunnel0
 ip address 10.10.0.1 255.255.255.0
 no ip route-cache
 no ip mroute-cache
 tunnel source xx
 tunnel destination xx
 crypto map nolan
!
interface Ethernet0/0
 description xxx LAN
 ip address 192.168.12.1 255.255.255.0
 ip nat inside
 no ip route-cache
 no ip mroute-cache
!
!
interface Serial0/0.1 point-to-point
 backup interface Async65
 ip address 172.20.12.2 255.255.255.252
 no ip route-cache
 no ip mroute-cache
 shutdown
 frame-relay interface-dlci 300
!
interface Serial0/0.2 point-to-point
 description Frame Relay to xxx
 ip address 172.21.12.2 255.255.255.252
 no ip route-cache
 no ip mroute-cache
 shutdown
 frame-relay interface-dlci 200
!
interface Serial0/1
 ip address xxx 255.255.255.252
 no ip proxy-arp
 ip nat outside
 no ip mroute-cache
 no fair-queue
 crypto map nolan
!
interface Async65
 no ip address
 encapsulation ppp
 keepalive 10
 dialer in-band
 dialer idle-timeout 900
 dialer string xx
 dialer-group 1
 async default routing
 async mode interactive
!
interface Group-Async1
 ip unnumbered Ethernet0/0
 ip mtu 1400
 encapsulation ppp
 no ip route-cache
 no ip mroute-cache
 dialer in-band
 dialer idle-timeout 1200
 dialer map ip 170.1.1.45 name dar01rt01ec
 dialer map ip 170.1.1.49 name sas01rt01ec
 dialer map ip 170.1.1.54 name wpg01rt01ec
 dialer map ip 170.1.1.6 name tes01rt01ec
 dialer map ip 170.1.1.7 name van01rt01ec
 dialer map ip 170.1.1.13 name tof01rt01ec
 dialer-group 1
 async default routing
 async mode dedicated
 peer default ip address pool default
 ppp authentication pap chap
 group-range 33 48
!
interface Dialer1
 no ip address
!
router eigrp 100
 network 10.0.0.0
 network 170.1.0.0
 network 172.20.0.0
 network 172.21.0.0
 network 192.168.12.0
 auto-summary
 no eigrp log-neighbor-changes
!
ip local pool default 192.168.12.200 192.168.12.254
ip nat inside source route-map nonat interface Serial0/1 overload
ip classless
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
ip forward-protocol udp netbios-ss
ip forward-protocol udp 42508
ip route 0.0.0.0 0.0.0.0 xxx
ip route 0.0.0.0 0.0.0.0 Async65 200
ip route 172.16.0.0 255.255.0.0 10.10.0.2
ip route 172.17.0.0 255.255.0.0 10.10.0.2
ip route 192.168.6.0 255.255.255.0 170.1.1.6 200
ip route 192.168.7.0 255.255.255.0 170.1.1.7 200
ip route 192.168.13.0 255.255.255.0 170.1.1.13 200
ip route 192.168.45.0 255.255.255.0 170.1.1.45 200
ip route 192.168.49.0 255.255.255.0 170.1.1.49 200
ip route 192.168.54.0 255.255.255.0 170.1.1.54 200
ip http server
ip radius source-interface Ethernet0/0
access-list 101 permit gre host xx host xx
access-list 102 permit ip host 192.168.12.207 any
access-list 102 permit ip any host 192.168.12.207
access-list 110 deny ip 192.168.12.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 110 deny ip 192.168.12.0 0.0.0.255 172.17.0.0 0.0.255.255
access-list 110 deny ip 192.168.12.0 0.0.0.255 192.168.102.0 0.0.0.255
access-list 110 permit ip 192.168.12.0 0.0.0.255 any
access-list 153 permit ip 192.168.12.0 0.0.0.255 192.168.102.0 0.0.0.255
access-list 199 permit ip host 192.168.12.207 any
access-list 199 permit ip any host 192.168.12.207
priority-list 1 protocol ip high
dialer-list 1 protocol ip permit
route-map nonat permit 10
 match ip address 110
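An added example, not part of the original post: a small evaluator for the fully specified ACLs in the configuration above (110 and 153; ACL 101 is omitted because its hosts are redacted). It shows that both channels of a LAN client's PPTP session, TCP 1723 control and GRE data, hit the final permit line of ACL 110 and are therefore handled by NAT overload on Serial0/1 rather than by crypto ACL 153. The client 192.168.12.50 and server 203.0.113.10 are constructed sample addresses, and the parser assumes ACL lines without port qualifiers, as posted.

```python
import ipaddress

# ACL lines copied from the posted configuration (ACL 101 omitted: hosts redacted as "xx").
CONFIG = """\
access-list 110 deny ip 192.168.12.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 110 deny ip 192.168.12.0 0.0.0.255 172.17.0.0 0.0.255.255
access-list 110 deny ip 192.168.12.0 0.0.0.255 192.168.102.0 0.0.0.255
access-list 110 permit ip 192.168.12.0 0.0.0.255 any
access-list 153 permit ip 192.168.12.0 0.0.0.255 192.168.102.0 0.0.0.255
"""

def _addr(tokens):
    """Consume one address spec ('any', 'host A' or 'A WILDCARD'); return (base, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_acls(text):
    """Parse 'access-list N action proto src dst' lines into {N: [entry, ...]}."""
    acls = {}
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 5 or tokens[0] != "access-list":
            continue
        number, action, proto, rest = int(tokens[1]), tokens[2], tokens[3], tokens[4:]
        src, dst = _addr(rest), _addr(rest)
        acls.setdefault(number, []).append((action, proto, src, dst))
    return acls

def _hit(ip, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF  # wildcard bits set to 1 are "don't care"
    return (int(ipaddress.IPv4Address(ip)) & care) == (base & care)

def evaluate(acl, proto, src, dst):
    """First matching entry wins; every ACL ends with an implicit deny."""
    for action, acl_proto, s, d in acl:
        if acl_proto in ("ip", proto) and _hit(src, s) and _hit(dst, d):
            return action
    return "deny"

def classify(acls, proto, src, dst):
    """Report how the posted policy treats a flow leaving the LAN."""
    if evaluate(acls[110], proto, src, dst) == "permit":
        return "nat-overload"   # route-map nonat -> translated on Serial0/1
    if evaluate(acls[153], proto, src, dst) == "permit":
        return "ipsec"          # crypto map nolan 9
    return "routed-no-nat"

ACLS = parse_acls(CONFIG)
```

Calling `classify(ACLS, "gre", "192.168.12.50", "203.0.113.10")` returns `"nat-overload"`, which is why the translation step, not an interface ACL, is the place to look when outbound PPTP fails on this router.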
07-31-2007 05:20 AM
The vpdn command implements the PPTP feature for inbound connections between the firewall and a Windows client. Point-to-Point Tunneling Protocol (PPTP) is a Layer 2 tunneling protocol, which lets a remote client use a public IP network to communicate securely with servers at a private corporate network.
For more information, please click the following URL: