I am trying to set up a Win2K server as a VPN server behind a Cisco 2611 router to connect a satellite office to our main office.
I have found some info on how to set up access lists and such but I have hit a wall.
Currently what I have so far:
description connected to EthernetLAN
ip address 192.168.208.30 255.255.255.0
no ip directed-broadcast
ip nat inside

description connected to Internet
ip address 64.217.xxx.86 255.255.255.252
ip access-group inet_inbound in (--- I added correct ???)
no ip directed-broadcast
ip nat outside

ip access-list extended inet_inbound
 deny ip 10.0.0.0 0.255.255.255 any
 deny ip 172.16.0.0 0.15.255.255 any
 deny ip 192.168.0.0 0.0.255.255 any
 permit tcp any host 64.217.xxx.86 eq 1723
 permit gre any host 64.217.xxx.86

Both examples I have show:
description internet interface
ip address 64.217.xxx.xxx 255.255.255.252
ip access-group inet_inbound in
But when I try to type "interface Serial0/0" at the router config prompt, it gives me an error pointing to the 'S' in Serial, so should I add the ip access-group line to my Internet 0/1 like I did above, since that is my internet connection?
You don't have a Serial interface in your router, so you're adding the access-list to the correct interface.
The trouble is you're trying to connect to the 64.217.xxx.86 address which is the router's address, not the address of the internal Win2K server. For a PPTP connection you will need a second IP address from your ISP, so let's assume they give you 64.217.xxx.87.
The following will send all traffic destined for 64.217.xxx.87 through to your internal Win2K server (which I've assumed is 192.168.208.1, change if necessary):
ip nat inside source static 192.168.208.1 64.217.xxx.87 extendable
Change the two lines in your access-list to reference the .87 address rather than the .86.
Then have all your VPN clients connect to the .87 address rather than .86 and you should be good to go.
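
An added example, not part of the original posts: a short Python check that the inbound ACL permits TCP 1723 and GRE to the same address the static NAT entry publishes, which is the mismatch the answer points out. The function name and the sample configuration are constructed for illustration; addresses stay masked as in the thread and are compared as plain text.

```python
import re

# Constructed sample: the ACL from the question plus the static NAT line from
# the answer. Addresses are kept masked as on the page and compared as text.
SAMPLE_CONFIG = """\
ip nat inside source static 192.168.208.1 64.217.xxx.87 extendable
ip access-list extended inet_inbound
 deny ip 10.0.0.0 0.255.255.255 any
 deny ip 172.16.0.0 0.15.255.255 any
 deny ip 192.168.0.0 0.0.255.255 any
 permit tcp any host 64.217.xxx.86 eq 1723
 permit gre any host 64.217.xxx.86
"""

NAT_RE = re.compile(r"^ip nat inside source static (\S+) (\S+)", re.M)
TCP_RE = re.compile(r"^\s*permit tcp any host (\S+) eq 1723\s*$", re.M)
GRE_RE = re.compile(r"^\s*permit gre any host (\S+)\s*$", re.M)


def check_pptp_publish(config):
    """Return a list of findings; an empty list means ACL and NAT agree."""
    nat = NAT_RE.search(config)
    if not nat:
        return ["no 'ip nat inside source static' entry for the VPN server"]
    local, global_ip = nat.groups()
    findings = []
    checks = (("TCP 1723 (PPTP control)", TCP_RE), ("GRE (PPTP data)", GRE_RE))
    for name, rx in checks:
        hosts = rx.findall(config)
        # PPTP needs both protocols permitted to the published address.
        if global_ip not in hosts:
            findings.append(f"{name}: no permit to NAT address {global_ip}")
        # A permit to any other host never reaches the server behind NAT.
        for host in hosts:
            if host != global_ip:
                findings.append(f"{name}: permit targets {host}, "
                                f"which is not translated to {local}")
    return findings


if __name__ == "__main__":
    for line in check_pptp_publish(SAMPLE_CONFIG):
        print("FINDING:", line)
    fixed = SAMPLE_CONFIG.replace("xxx.86", "xxx.87")
    print("after fix:", check_pptp_publish(fixed) or "consistent")
```

Run against the sample it reports both permit lines as pointing at the router's own address; after the two ACL lines are changed to the .87 address the list of findings is empty.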