Connecting on Windows VPN Server through Cisco 876 - *newbie*

Unanswered Question
Sep 16th, 2010

Hello Guys,

Here is the layout that I currently have:

VPN Server (Windows 2008) --> Cisco 876  --> Internet (dynamic ip address) --> Client (My home PC)

So I'm having trouble connecting to the vpn server from my home pc, it actually hangs on "Verifying username and password" and then it just drops because of the timeout.

I googled for the solution and all I could find was that I need to open port 1723 and allow GRE (protocol 47) through the Cisco router.

So I managed to forward port 1723 to the required server, but I can't seem to do that for the GRE.

So can somebody please give me step by step instructions on how to do this, and for that matter how to make the whole thing work.

Note that I'm very new to cisco routers and firewalls, so I'm still not familiar with most of the commands for the router.


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
praprama Thu, 09/16/2010 - 08:31


Unfortunately PPTP does not work with PAT for the server on port TCP/1723. This is because GRE is used in this connection and since GRE itself does not have any port numbers, we will need a NAT (1:1) for the server and not a PAT on TCP port 1723. I suppose that's the reason why it's not working in your case.

The payload when GRE comes into play is going to be something like below:

_______ ________

|            |             |

|   IP      |    GRE  |


So as can be seen, the port forwarding that you have configured for the PPTP server on TCP 1723 will not help due to the fact that the router can not find the port number field in the GRE header (though it can find the IP address field in the IP header). Hence, we will need a 1:1 NAT for this server.

If you have another IP address, try NATing the routing the server to that IP rather than a Port forwarding. Let me know if this helps!!



ZharkoAtkovski Fri, 09/17/2010 - 05:49

Well for some reason that didn't work as well, maybe i'm still doing something wrong....

However would it be easier if i use the cisco vpn client and set the router as a vpn server?

If that is possible, can you give me a step by step guide on how to setup the router to act as a vpn server?


This Discussion