NT VPN errors 721, 619 with 2600s with IOS firewall
2620 in one location, 2621 in 2nd location. Both locations have own NT domains. If 1723 and gre are allowed through IOS firewall on each router, would VPN traffic be blocked for some reason, due to IOS config, for clients on 1st LAN to reach 2nd LAN server? But not blocked if VPN from home PC?
NT RAS Error 721 (Computer not responding) when client on 1st NT domain ---> 1st 2621 ---> 2620 2nd location ----> 2nd NT domain server.
No problem when VPN from home PC ----> 2620 or 2621 ----> 1st LAN server or 2nd LAN server.
Re: NT VPN errors 721, 619 with 2600s with IOS firewall
Ok, thanks, read the link. Bear with me, don't quite understand some things. We've got 12.0.7(T). We're using static mappings for the servers -- each server has its private IP mapped to a public IP. We do have a NAT Pool configured, but for clients only.
For each server, the access list permits 1723 and 47. The Cisco TAC tech who hepled us configure the 12.0.7(T) firewall said all we needed to do to MS VPN into NT Server was open 1723 and 47.
I *can* with 12.0.7(T) establish an MS VPN session into any NT server (logon, authenticate, browse network) from my home, which has its own NT 4.0 LAN with 192.168.1.x network going through a Linksys cable router doing PAT.
So, path is my W2K PC on my NT LAN ---> my Linksys ----> Office 2621 ----> Office NT Server. This works.
Are you saying that to MS VPN *through two Cisco 2600 routers* requires the later release? That is, to go from client PC ----> 2620/21 ----> 2620/21 -----> NT Server creates the problem? Because the VPN has to pass through both Cisco routers and somehow can't? Even though both have 1723 and gre open?
One more thing. The 1723 statement in the access list is "permit tcp any eq 1723" -- Notice that the word "host" is missing, as in "permit tcp any host . Is that a problem?
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :