cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
688
Views
0
Helpful
5
Replies

VPN through Cisco 827 / 837

ggrramalingum
Level 1
Level 1

Hello i am having avery bizare problem,

i am setting up a vpn connection, as follows :

WINXP---->CISCO827ADSL---->INTERNET---->CORPORATE

i am using the windows XP VPN client to connect to my corporate server .

when i am using a normal modem (ALCATEL speedstoucvh pro etc ) i can connect without any porblems.

but when i connect my cisco router, it just dont work.

i have tried with cisco 827 ans cisco 837, it just wont work .

i started a configuration from scratch, it worked for some time, but then it just stopped, i switched my alcatel back and it worked, put cisco back again NOT WORKING.

here is my router config:

Building configuration...

Current configuration : 1166 bytes

version 12.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

hostname VPN_RTR

ip subnet-zero

ip audit notify log

ip audit po max-events 100

interface Ethernet0

ip address 192.168.1.1 255.255.255.0

ip nat inside

no ip mroute-cache

hold-queue 100 out

interface ATM0

bandwidth 1025

no ip address

no ip mroute-cache

no atm ilmi-keepalive

pvc 8/35

encapsulation aal5mux ppp dialer

dialer pool-member 1

dsl operating-mode auto

dsl power-cutback 1

hold-queue 208 in

interface Dialer0

bandwidth 1024

ip address negotiated

ip nat outside

encapsulation ppp

dialer pool 1

no cdp enable

ppp authentication chap callin

ppp chap hostname xxxx

ppp chap password xxxx

ip nat inside source list 8 interface Dialer0 overload

ip classless

ip route 0.0.0.0 0.0.0.0 Dialer0

ip http server

access-list 8 permit 192.168.1.0 0.0.0.255

scheduler max-task-time 5000

end

5 Replies 5

spremkumar
Level 9
Level 9

Hi

are you getting any error message in your VPN Client PC ?

regds

yes, when it reach verifying username and password it hangs .. error 721 windows XP,

the alcatel functions same as the router ( same routing / ip etc ) so no dialup in use , vpn just going out on the LAN conenction,

i have upgraded the cisco IOS but still it is same problem...

i have tried also the MS tricks but no change... I have tested that both with cisco 827 and 837 ..

i have been trying to see the pptp connetions on the router and here is the outcome:

supergrp#sh ip nat trans pptp

Pro Inside global Inside local Outside local Outside global

gre 196.192.100.115:0 192.168.100.10:0 196.25.124.209:0 196.25.124.209:0

gre 196.192.100.115:32768 192.168.100.10:32768 196.25.124.209:32768 196.25.124.209:32768

gre 196.192.100.115:16384 192.168.100.10:16384 196.25.124.209:16384 196.25.124.209:16384

gre 196.192.100.115:49152 192.168.100.10:49152 196.25.124.209:49152 196.25.124.209:49152

i am out of mind here

PPTP can have problems with firewalls because it builds two connections. First the client initiates the connection to the server from the inside of the firewall. This works fine as long no access-list is blocking port 1723. After authentication the server builds a GRE tunnel to the client. And this connection (data) is blocked by the firewall unless specifically permitted with an access-list. On pix it can be solved with fixup protocol pptp 1723 command. On a router ip inspect name .... pptp. I used it on the pix and it worked. it should on the router. Inspection opens this inbound GRE tunnel.

you can find some info here and in the command reference

http://www.cisco.com/application/pdf/en/us/guest/products/ps1018/c1167/ccmigration_09186a008010a40e.pdf

00:56:36: NAT: PPTP packet: length: 168, type: 1, cookie: 1A2B3C4D

00:56:36: code: 7, Call ID: 0, Peer ID: 31911

00:56:36: NAT-PPTP: got Call ID 0 -> 0

00:56:36: NAT: PPTP In - Out (192.168.100.10, 3156) -> (196.25.124.209, 1723)

00:56:36: NAT: PPTP translated: length: 168, type: 1, cookie: 1A2B3C4D

00:56:36: code: 7, Call ID: 0, Peer ID: 31911

00:56:37: NAT: PPTP Out - In (196.25.124.209, 1723) -> (196.192.108.201, 3156)

00:56:37: NAT: PPTP packet: length: 32, type: 1, cookie: 1A2B3C4D

00:56:37: code: 8, Call ID: 33762, Peer ID: 0

00:56:37: NAT: PPTP Out - In (196.25.124.209, 1723) -> (196.192.108.201, 3156)

00:56:37: NAT: PPTP translated: length: 32, type: 1, cookie: 1A2B3C4D

00:56:37: code: 8, Call ID: 33762, Peer ID: 0

00:56:39: NAT: PPTP In - Out (192.168.100.10, 3156) -> (196.25.124.209, 1723)

00:56:39: NAT: PPTP packet: length: 168, type: 1, cookie: 1A2B3C4D

00:56:39: code: 7, Call ID: 0, Peer ID: 31911

00:56:39: NAT-PPTP: global Call ID already exists

00:56:39: NAT: PPTP In - Out (192.168.100.10, 3156) -> (196.25.124.209, 1723)

00:56:39: NAT: PPTP translated: length: 168, type: 1, cookie: 1A2B3C4D

00:56:39: code: 7, Call ID: 0, Peer ID: 31911

00:56:40: NAT: PPTP Out - In (196.25.124.209, 1723) -> (196.192.108.201, 3156)

00:56:40: NAT: PPTP packet: length: 32, type: 1, cookie: 1A2B3C4D

00:56:40: code: 8, Call ID: 33762, Peer ID: 0

00:56:40: NAT: PPTP Call ID 33762 --> 0

00:56:40: NAT: PPTP Out - In (196.25.124.209, 1723) -> (196.192.108.201, 3156)

00:56:40: NAT: PPTP translated: length: 32, type: 1, cookie: 1A2B3C4D

00:56:40: code: 8, Call ID: 0, Peer ID: 0

00:56:40: NAT: PPTP In - Out (192.168.100.10, 3156) -> (196.25.124.209, 1723)

00:56:40: NAT: PPTP packet: length: 24, type: 1, cookie: 1A2B3C4D

00:56:40: code: 15, Call ID: 0, Peer ID: 0

00:56:40: NAT: PPTP In - Out (192.168.100.10, 3156) -> (196.25.124.209, 1723)

00:56:40: NAT: PPTP translated: length: 24, type: 1, cookie: 1A2B3C4D

00:56:40: code: 15, Call ID: 0, Peer ID: 0

00:56:40: NAT: GRE Call ID: 0 - [4965]

00:56:42: NAT: GRE Call ID: 0 - [5048]

00:56:45: NAT: GRE Call ID: 0 - [5168]

00:56:49: NAT: GRE Call ID: 0 - [5196]

00:56:53: NAT: GRE Call ID: 0 - [5199]

00:56:57: NAT: GRE Call ID: 0 - [5201]

00:57:01: NAT: GRE Call ID: 0 - [5204]

00:57:05: %SEC-6-IPACCESSLOGRP: list 100 permitted gre 192.168.100.10 -> 196.25.124.209, 7 packets

00:57:05: NAT: GRE Call ID: 0 - [5209]

00:57:09: NAT: GRE Call ID: 0 - [5212]

00:57:13: NAT: GRE Call ID: 0 - [5219]

00:57:17: NAT: PPTP In - Out (192.168.100.10, 3156) -> (196.25.124.209, 1723)

00:57:17: NAT: PPTP packet: length: 16, type: 1, cookie: 1A2B3C4D

00:57:17: code: 12, Call ID: 0, Peer ID: 0

00:57:17: NAT: PPTP In - Out (192.168.100.10, 3156) -> (196.25.124.209, 1723)

00:57:17: NAT: PPTP translated: length: 16, type: 1, cookie: 1A2B3C4D

00:57:17: code: 12, Call ID: 0, Peer ID: 0

00:57:17: NAT: PPTP Out - In (196.25.124.209, 1723) -> (196.192.108.201, 3156)

00:57:17: NAT: PPTP packet: length: 148, type: 1, cookie: 1A2B3C4D

00:57:17: code: 13, Call ID: 33762, Peer ID: 0

00:57:17: NAT-PPTP: GRE tunnels deleted for Call ID: 33762

00:57:17: NAT: PPTP Out - In (196.25.124.209, 1723) -> (196.192.108.201, 3156)

00:57:17: NAT: PPTP translated: length: 148, type: 1, cookie: 1A2B3C4D

00:57:17: code: 13, Call ID: 33762, Peer ID: 0

00:57:18: NAT: PPTP In - Out (192.168.100.10, 3156) -> (196.25.124.209, 1723)

00:57:18: NAT: PPTP In - Out (192.168.100.10, 3156) -> (196.25.124.209, 1723)

00:57:18: NAT: PPTP Out - In (196.25.124.209, 1723) -> (196.192.108.201, 3156)

00:57:18: NAT: PPTP Out - In (196.25.124.209, 1723) -> (196.192.108.201, 3156)

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: