First off, I'm a newbie at this and have spent the past 20-some hours researching the correct answers and am suffering from fuzzy-brain, so please forgive me for missing the obvious.
I've got a standalone Win2k Server running VPN server on 192.100.100.x network.
A 1720 with a T1 and fastethernet.
They have a block of 23 legal IPs.
I must allow up to 15 VPN clients to connect to the Win2k VPN server through the Internet. No other services are offered.
The local network needs Internet access only.
I have the 1720 currently configured with PAT through one public IP for the local network's Internet access.
I also have another public IP dedicated to pcAnywhere access to the server using static NAT, and lastly dedicated one more public IP to the VPN server through static NAT.
The VPN mapping is:
ip nat inside source static VPN_SERVER_LOCAL_IP PUBLIC_IP.
This works fine, but I think it is too unrestricted, so when I try the above static entry with TCP/1723 it will not connect. It appears to me that I need to allow GRE through, but I see no way using the above static syntax.
I suspect creating an access list is the correct way, but am afraid that this may cause latency problems if not configured properly. This last thing is where my fuzzy-brain situation is occurring and thus the reason for my question.
Here's the current config:
no ip source-route
no ip finger
ip name-server 205.xxx.xxx.xxx
ip address xxx.xxx.xxx.xxx 255.255.255.252
! this ip is the providers public one, not from the
! above mentioned registered ip block.
ip nat outside
service-module t1 timeslots 1-4
ip address 126.96.36.199 255.255.255.0
ip nat inside
ip nat inside source list 1 interface Serial0 overload
ip nat inside source static 188.8.131.52 VPN_SERVER_PUBLIC_IP
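
One way to keep the one-to-one static NAT while restricting what reaches the VPN server, shown as an added example that is not part of the original post: an inbound extended ACL on Serial0. IOS checks the inbound ACL before NAT, so the entries use public addresses. The ACL name OUTSIDE-IN, every upper-case placeholder, and the pcAnywhere ports (its defaults) are assumptions.

```cisco
! Added example. Upper-case names are placeholders, not values from the post.
! Keep the one-to-one static NAT: it translates every IP protocol, GRE included.
! A static entry limited to TCP/1723 would carry only the PPTP control channel.
ip nat inside source static VPN_SERVER_LOCAL_IP VPN_SERVER_PUBLIC_IP
!
ip access-list extended OUTSIDE-IN
 remark PPTP control channel
 permit tcp any host VPN_SERVER_PUBLIC_IP eq 1723
 remark PPTP tunnel data: GRE is IP protocol 47 and has no port numbers
 permit gre any host VPN_SERVER_PUBLIC_IP
 remark pcAnywhere to the second static address (default ports, assumed)
 permit tcp any host PCANYWHERE_PUBLIC_IP eq 5631
 permit udp any host PCANYWHERE_PUBLIC_IP eq 5632
 remark replies to LAN sessions that left through PAT on Serial0
 permit tcp any host SERIAL0_PUBLIC_IP established
 permit udp host DNS_SERVER_IP eq domain host SERIAL0_PUBLIC_IP
 permit icmp any host SERIAL0_PUBLIC_IP echo-reply
 permit icmp any host SERIAL0_PUBLIC_IP unreachable
 permit icmp any host SERIAL0_PUBLIC_IP time-exceeded
 remark everything else is dropped and logged
 deny ip any any log
!
interface Serial0
 ip access-group OUTSIDE-IN in
```

This ACL is stateless, so LAN applications that need inbound UDP other than DNS replies require their own permit lines. After a client connects, `show access-lists OUTSIDE-IN` lists per-line match counts, which confirms that both the TCP/1723 and GRE entries are being hit.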