04-25-2002 12:17 PM - edited 02-21-2020 11:42 AM
Here is my problem: we have a Cisco 806 broadband router. Out of the box and only changing the LAN IP to match ours. Now that we have this router in place, I used the websetup wizard to add TCP ports 1723 to point to our Win 2k VPN server. When the clients attempt to connect, they time out on the "checking username and password" status.
What else is required?
Thank You,
Brad Primm
04-25-2002 01:23 PM
You may need to open up the GRE protocol in the access list.
Access-list 102 permit GRE any host xxx.xxx.xxx.xxx
04-25-2002 01:41 PM
I have entered the command suggested, and the clients are still timing out.
Here is the show configuration command--
Using 4290 out of 131072 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname CRIDIGITAL
!
enable secret 5 xxxxxxx.
!
username xxxxx password xxxxxx
ip subnet-zero
no ip domain-lookup
ip name-server 65.xx.0.166
ip name-server 65.xx.0.167
ip dhcp excluded-address 192.xxx.40.254
ip dhcp excluded-address 192.xxx.40.9
ip dhcp excluded-address 192.xxx.40.10
ip dhcp excluded-address 192.xxx.40.130
!
ip dhcp pool CLIENT
import all
network 192.xxx.40.0 255.255.255.0
default-router 192.xxx.40.254
!
ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw http timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw smtp timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout 3600
ip inspect name myfw h323 timeout 3600
!
!
!
interface Ethernet0
description CRWS Generated text. Please do not delete this:192.xxx.40.254-255.255.255.0
ip address 192.xxx.40.254 255.255.255.0 secondary
ip address 10.10.10.1 255.255.255.0
ip nat inside
no cdp enable
hold-queue 32 in
hold-queue 100 out
!
interface Ethernet1
ip address dhcp
ip access-group 111 in
ip nat outside
ip inspect myfw out
no cdp enable
!
ip nat inside source list 102 interface Ethernet1 overload
ip nat inside source static tcp 192.xxx.40.9 25 interface Ethernet1 25
ip nat inside source static tcp 192.xxx.40.9 110 interface Ethernet1 110
ip nat inside source static tcp 192.xxx.40.9 21 interface Ethernet1 21
ip nat inside source static tcp 192.xxx.40.9 80 interface Ethernet1 80
ip nat inside source static tcp 192.xxx.40.10 139 interface Ethernet1 139
ip nat inside source static udp 192.xxx.40.10 138 interface Ethernet1 138
ip nat inside source static udp 192.xxx.40.10 137 interface Ethernet1 137
ip nat inside source static tcp 192.xxx.40.130 3389 interface Ethernet1 3389
ip nat inside source static tcp 192.xxx.40.10 47 interface Ethernet1 47
ip nat inside source static tcp 192.xxx.40.10 1723 interface Ethernet1 1723
ip nat inside source static udp 192.xxx.40.10 1723 interface Ethernet1 1723
ip nat inside source static udp 192.xxx.40.10 1701 interface Ethernet1 1701
ip nat inside source static tcp 192.xxx.40.10 1701 interface Ethernet1 1701
ip nat inside source static tcp 192.xxx.40.10 137 interface Ethernet1 137
ip nat inside source static tcp 192.xxx.40.10 138 interface Ethernet1 138
ip classless
ip http server
!
access-list 102 permit ip 192.xxx.40.0 0.0.0.255 any
access-list 102 permit gre any host 192.xxx.40.10
access-list 102 permit gre any host 0.0.0.0
access-list 102 permit gre any any
access-list 111 permit tcp any any eq smtp
access-list 111 permit tcp any any eq pop3
access-list 111 permit tcp any any eq ftp
access-list 111 permit tcp any any eq www
access-list 111 permit tcp any any eq 139
access-list 111 permit udp any any eq netbios-dgm
access-list 111 permit udp any any eq netbios-ns
access-list 111 permit tcp any any eq 3389
access-list 111 permit tcp any any eq 47
access-list 111 permit tcp any any eq 1723
access-list 111 permit udp any any eq 1723
access-list 111 permit udp any any eq 1701
access-list 111 permit tcp any any eq 1701
access-list 111 permit tcp any any eq 137
access-list 111 permit tcp any any eq 138
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any traceroute
access-list 111 permit icmp any any unreachable
access-list 111 permit udp any eq bootps any eq bootpc
access-list 111 permit udp any eq bootps any eq bootps
access-list 111 permit udp any eq domain any
access-list 111 permit esp any any
access-list 111 permit udp any any eq isakmp
access-list 111 deny ip any any
access-list 111 permit gre any host 192.xxx.40.10
access-list 111 permit gre any host 0.0.0.0
access-list 111 permit gre any any
!
line con 0
exec-timeout 120 0
stopbits 1
line vty 0 4
exec-timeout 0 0
login local
length 0
!
scheduler max-task-time 5000
end
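An added example, not part of the original thread: IOS evaluates access-list entries top-down and stops at the first match, and GRE is IP protocol 47 rather than TCP or UDP port 47, so a posted configuration like the one above can be checked for entries that never match. The function names are hypothetical, and the sample lines are copied from the posted access-lists 102 and 111 with addresses masked as on the page.

```python
import re

# Constructed sample: entries copied from the configuration posted above.
SAMPLE_CONFIG = """\
access-list 102 permit ip 192.xxx.40.0 0.0.0.255 any
access-list 102 permit gre any any
access-list 111 permit tcp any any eq 47
access-list 111 permit tcp any any eq 1723
access-list 111 deny ip any any
access-list 111 permit gre any host 192.xxx.40.10
access-list 111 permit gre any any
"""

ACE_RE = re.compile(r"^access-list\s+(\d+)\s+(permit|deny)\s+(\S+)\s+(.+)$")

def parse_acls(config):
    """Return {acl number: [(action, protocol, operands, line), ...]} in order."""
    acls = {}
    for raw in config.splitlines():
        m = ACE_RE.match(raw.strip())
        if m:
            num, action, proto, rest = m.groups()
            acls.setdefault(num, []).append((action, proto.lower(), rest.split(), raw.strip()))
    return acls

def is_catch_all(proto, operands):
    return proto == "ip" and operands == ["any", "any"]

def shadowed_entries(entries):
    """Lines placed after an 'ip any any' entry; first match wins, so they never match."""
    for i, (_, proto, operands, _) in enumerate(entries):
        if is_catch_all(proto, operands):
            return [e[3] for e in entries[i + 1:]]
    return []

def gre_permitted(entries):
    """Simplified first-match walk (addresses not evaluated): the first gre
    entry or 'ip any any' entry decides; otherwise the implicit deny applies."""
    for action, proto, operands, _ in entries:
        if proto == "gre" or is_catch_all(proto, operands):
            return action == "permit"
    return False

def port_47_entries(entries):
    """TCP/UDP entries on port 47; GRE is IP protocol 47 and has no ports."""
    return [e[3] for e in entries if e[1] in ("tcp", "udp") and e[2][-2:] == ["eq", "47"]]

if __name__ == "__main__":
    print({n: (gre_permitted(e), shadowed_entries(e)) for n, e in parse_acls(SAMPLE_CONFIG).items()})
```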