SIMPLE VPN QUESTION, BASIC I HOPE

Unanswered Question

Here is my problem, we have a cisco 806 broadband router. Out of the box and only changing the lan ip to match ours. Now that we have this router in place, i used the websetup wizard to add tcp ports 1723 to point to out win 2k vpn server. when the clients attempt to connect , they time out on the "checking username and password" status.

what else is required?

Thank You,

Brad Primm

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
3gkaram Thu, 04/25/2002 - 13:23
User Badges:

You may need to open up the GRE protocol in the access list.


Access-list 102 permit GRE any host xxx.xxx.xxx.xxx

I have entered the command suggested, and the clients are still timing out.

Here is the show configuration command--


Using 4290 out of 131072 bytes

!

version 12.2

no service pad

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname CRIDIGITAL

!

enable secret 5 xxxxxxx.

!

username xxxxx password xxxxxx

ip subnet-zero

no ip domain-lookup

ip name-server 65.xx.0.166

ip name-server 65.xx.0.167

ip dhcp excluded-address 192.xxx.40.254

ip dhcp excluded-address 192.xxx.40.9

ip dhcp excluded-address 192.xxx.40.10

ip dhcp excluded-address 192.xxx.40.130

!

ip dhcp pool CLIENT

import all

network 192.xxx.40.0 255.255.255.0

default-router 192.xxx.40.254

!

ip inspect name myfw cuseeme timeout 3600

ip inspect name myfw ftp timeout 3600

ip inspect name myfw http timeout 3600

ip inspect name myfw rcmd timeout 3600

ip inspect name myfw realaudio timeout 3600

ip inspect name myfw smtp timeout 3600

ip inspect name myfw tftp timeout 30

ip inspect name myfw udp timeout 15

ip inspect name myfw tcp timeout 3600

ip inspect name myfw h323 timeout 3600

!

!

!

interface Ethernet0

description CRWS Generated text. Please do not delete

this:192.xxx.40.254-255.2

55.255.0

ip address 192.xxx.40.254 255.255.255.0 secondary

ip address 10.10.10.1 255.255.255.0

ip nat inside

no cdp enable

hold-queue 32 in

hold-queue 100 out

!

interface Ethernet1

ip address dhcp

ip access-group 111 in

ip nat outside

ip inspect myfw out

no cdp enable

!

ip nat inside source list 102 interface Ethernet1 overload

ip nat inside source static tcp 192.xxx.40.9 25 interface Ethernet1 25

ip nat inside source static tcp 192.xxx.40.9 110 interface Ethernet1

110

ip nat inside source static tcp 192.xxx.40.9 21 interface Ethernet1 21

ip nat inside source static tcp 192.xxx.40.9 80 interface Ethernet1 80

ip nat inside source static tcp 192.xxx.40.10 139 interface Ethernet1

139

ip nat inside source static udp 192.xxx.40.10 138 interface Ethernet1

138

ip nat inside source static udp 192.xxx.40.10 137 interface Ethernet1

137

ip nat inside source static tcp 192.xxx.40.130 3389 interface Ethernet1

3389

ip nat inside source static tcp 192.xxx.40.10 47 interface Ethernet1 47

ip nat inside source static tcp 192.xxx.40.10 1723 interface Ethernet1

1723

ip nat inside source static udp 192.xxx.40.10 1723 interface Ethernet1

1723

ip nat inside source static udp 192.xxx.40.10 1701 interface Ethernet1

1701

ip nat inside source static tcp 192.xxx.40.10 1701 interface Ethernet1

1701

ip nat inside source static tcp 192.xxx.40.10 137 interface Ethernet1

137

ip nat inside source static tcp 192.xxx.40.10 138 interface Ethernet1

138

ip classless

ip http server

!

access-list 102 permit ip 192.xxx.40.0 0.0.0.255 any

access-list 102 permit gre any host 192.xxx.40.10

access-list 102 permit gre any host 0.0.0.0

access-list 102 permit gre any any

access-list 111 permit tcp any any eq smtp

access-list 111 permit tcp any any eq pop3

access-list 111 permit tcp any any eq ftp

access-list 111 permit tcp any any eq www

access-list 111 permit tcp any any eq 139

access-list 111 permit udp any any eq netbios-dgm

access-list 111 permit udp any any eq netbios-ns

access-list 111 permit tcp any any eq 3389

access-list 111 permit tcp any any eq 47

access-list 111 permit tcp any any eq 1723

access-list 111 permit udp any any eq 1723

access-list 111 permit udp any any eq 1701

access-list 111 permit tcp any any eq 1701

access-list 111 permit tcp any any eq 137

access-list 111 permit tcp any any eq 138

access-list 111 permit icmp any any administratively-prohibited

access-list 111 permit icmp any any echo

access-list 111 permit icmp any any echo-reply

access-list 111 permit icmp any any packet-too-big

access-list 111 permit icmp any any time-exceeded

access-list 111 permit icmp any any traceroute

access-list 111 permit icmp any any unreachable

access-list 111 permit udp any eq bootps any eq bootpc

access-list 111 permit udp any eq bootps any eq bootps

access-list 111 permit udp any eq domain any

access-list 111 permit esp any any

access-list 111 permit udp any any eq isakmp

access-list 111 deny ip any any

access-list 111 permit gre any host 192.xxx.40.10

access-list 111 permit gre any host 0.0.0.0

access-list 111 permit gre any any

!

line con 0

exec-timeout 120 0

stopbits 1

line vty 0 4

exec-timeout 0 0

login local

length 0

!

scheduler max-task-time 5000

end


Actions

This Discussion