Re: PPTP over 677 DSL router

jperquin · ‎11-10-2001

I am trying to setup a VPN between two offices that are both connected to the same ISP, using a 677 DSL router in routing mode.

When trying to connect the VPN client to the server over the internal LAN all goes well, but when I go over the internet the client gets stuck in the login process.

Assume the problem lies in the fact that the 677 does not allow for a PPTP tunnel to be created.

On the 677 I have port 1723 TCP and UDP mapped to the VPN server.

Any suggestion on how to configure the 677 in such a way that is allows for an incoming PPTP tunnel would be highly appreciated.

murabi · ‎11-16-2001

Hello,

You can’t use NAT overload to connect and you need to open 1723 tcp and IP protocol 47/GRE.

jperquin · ‎11-16-2001

Using CBOS, how do I open the 47/GRE on the 677 router?

pawint · ‎11-18-2001

Please provide information on allowing PPTP thru the Cisco 677 if you get it to work or receive an answer on what the configuration should look like.\\\kind regards

andrew

peter.wint@hsc.com

jperquin · ‎11-19-2001

The solution is quite simple:

Through telnet go to enabled mode and add following mapping:

set nat entry add 10.0.0.2 0 47

write + reboot, and off you go!

JP

PS: The 10.0.0.2 is the IP address of the NIC connected to eth-0

0jschlicker · ‎11-19-2001

actually your static NAT entry would be:

set nat entry add 192.168.0.50 1723 0.0.0.0 1723 udp

set nat entry add 192.168.0.50 1723 0.0.0.0 1723 tcp

This is assuming that your internal machine is set to the ip address of 192.168.0.50.

The 0.0.0.0 is best used if you have a dynamic external ip address otherwise if you are using static IP and NAT then the 0.0.0.0 would be replaced with your outside nat IP address.