Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
585
Views
0
Helpful
3
Replies

VPN on 1721

Go to solution
fingerlicked
Level 1
Level 1

‎04-04-2010 06:33 PM

I am still learning and I hope this is an ok place to post questions. I am taking the ICND2 in 4 days and I am more than ready for it. Right now I'm playing with VPN and just wanted to know if this would work. I have the following network...

ISP > FA0/0 2621XM FA0/1 > FA0/1 3524XL

3524XL various ports > LAN Hosts

3524XL FA0/3 > FA0 1721

I have a static IP from the ISP assigned to 2621XM / FA0/0 and overloaded NAT for the lan hosts to access the internet

I have another static IP with static NAT to the ip of the 1721 / FA0 interface

Will the following config work for VPN access to my network? It's like "Router on a Stick" for Vlans but it's for VPN.

Current configuration : 1076 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname BYRD-VPN-RTR
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$E0QR$WT1eRKKUvvIjgsKMsH9Y8.
!
no aaa new-model
!
resource policy
!
ip cef
!
!
!
!
vpdn enable
!
vpdn-group 1
! Default PPTP VPDN group
accept-dialin
  protocol pptp
  virtual-template 1
!
!
!
!
!
username ronald password 0 gsxr
!
!
!
!
!
interface FastEthernet0
ip address 192.168.10.3 255.255.255.0
speed 100
!
interface Virtual-Template1
ip unnumbered FastEthernet0
ip mroute-cache
peer default ip address pool VPN_CLIENTS
ppp encrypt mppe 40
ppp authentication ms-chap
!
router eigrp 1
network 192.168.10.0
auto-summary
!
ip local pool VPN_CLIENTS 192.168.10.91 192.168.10.99
!
no ip http server
no ip http secure-server
!
snmp-server community public RO
snmp-server community private RW
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
exec-timeout 0 0
password ****
login
!
end

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee
In response to fingerlicked

‎04-04-2010 07:39 PM

The 1721 should be the default gateway for all the internal hosts. Yes, the configuration should work.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee

‎04-04-2010 07:04 PM

I would suggest that you configure the ip pool in different subnet than your LAN subnet.

Are you trying to terminate the PPTP on fa0, and your internal LAN is also fa0? as the current configuration doesn't match up with the network description that you have.

0 Helpful

Go to solution
fingerlicked
Level 1
Level 1
In response to Jennifer Halim

‎04-04-2010 07:27 PM

Yes, only one interface. I have 192.168.10.91 - 192.168.10.99 excluded in the DHCP pool of the 2621XM.

I believe the description I gave is correct. The 1721 router which I provided the cnf for has only one connection to the 3524XL.

0 Helpful

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee
In response to fingerlicked

‎04-04-2010 07:39 PM

The 1721 should be the default gateway for all the internal hosts. Yes, the configuration should work.

0 Helpful
Customers Also Viewed These Support Documents