Cisco Support Community

New Member

Windows XP thru Cisco 1720 router how to configure

I have a Cisco 1720 router with two Ethernet interfaces. One Ethernet interface is giving out DHCP IP addresses, and the other is connected to the ISP for Internet services. Everything is working fine: the 1720 is giving out IP addresses and I can surf the web. But whenever I try to launch a VPN session from the Windows XP workstation, it doesn't work. I've even tried removing the Ethernet connection from the router and placing the static IP on the workstation; then the VPN session works. What on the 1720 is blocking this from working?

2 REPLIES
Cisco Employee

Re: Windows XP thru Cisco 1720 router how to configure

It's probably the fact that you're trying to PAT IPSec traffic, which is only supported in IOS from 12.2(13)T and onwards. See the release notes here:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t13/ftnatesp.htm

If you're not running this version or higher then upgrade and it should allow the IPSec connection through correctly.

New Member

Re: Windows XP thru Cisco 1720 router how to configure

Hello,

You're right, I was trying to create a VPN session from a Windows XP workstation, which uses "pptp/gre" and not IPsec. After doing some reading, it appears GRE doesn't work with NAT. So I had the ISP give me several more IP addresses and I created an ip nat translation. I hope this works. I've pasted a copy of the config.

NationalManWeek2004#show run

Building configuration...

Current configuration : 3456 bytes

!

version 12.2

no parser cache

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

service pt-vty-logging

!

hostname NationalManWeek2004

!

boot system flash c1700-y-mz.122-8.YJ.bin

logging buffered 4096 debugging

logging console critical

enable secret xxxxx

!

memory-size iomem 25

clock timezone edt -5

clock summer-time edt recurring

ip subnet-zero

no ip source-route

ip name-server 167.165.127.1

ip name-server 167.165.127.2

ip dhcp excluded-address 172.17.224.93 172.17.224.95

ip dhcp excluded-address 172.17.224.1

ip dhcp smart-relay

!

ip dhcp pool EXPO

network 172.17.224.0 255.255.255.0

dns-server 167.165.127.2

default-router 172.17.224.1 167.165.22.254

lease infinite

!

no ip bootp server

!

!

!

!

interface Loopback0

no ip address

no ip proxy-arp

!

interface Loopback2

no ip address

!

interface Loopback3

no ip address

no ip proxy-arp

!

interface Ethernet0

description USED for Indus Demo Servers

ip address 172.17.224.1 255.255.255.0

ip nat inside

half-duplex

no cdp enable

!

interface FastEthernet0

description USED For Internet Access

ip address 167.165.22.50 255.255.255.0

ip nat outside

speed auto

full-duplex

no cdp enable

!

interface Virtual-Template1

no ip address

!

interface Dialer1

no ip address

no cdp enable

!

router rip

network 167.165.0.0

network 172.17.0.0

!

ip default-gateway 167.165.22.254

ip nat inside source list 1 interface FastEthernet0 overload

ip nat inside source static 172.17.224.2 167.165.22.51

ip nat inside source static 172.17.224.3 167.165.22.52

ip classless

ip route 0.0.0.0 0.0.0.0 167.165.22.254

no ip http server

!

!

logging trap debugging

access-list 1 permit 172.17.224.0 0.0.0.255

access-list 1 permit 172.16.95.0 0.0.0.255

no cdp run

snmp-server community xxx

snmp-server community xxx

snmp-server location Atlanta PBX Room

snmp-server contact Gene Moore @770-989-4217

snmp-server enable traps config

snmp-server enable traps entity

snmp-server enable traps frame-relay

snmp-server enable traps frame-relay subif

snmp-server enable traps syslog

snmp-server enable traps rtr

banner motd ^CCC

************************************************************************

**WARNING**WARNING**WARNING**WARNING**WARNING**WARNING**

Access to this computer system and associated network, computer

resources, all data is restricted to those authorized by this

corporation ONLY. All data contained on these computer systems

is owned by the this corporation and may be monitored, intercepted,

recorded, read, copied, or captured in any manner and disclosed in

any manner, by authorized personnel. THERE IS NO RIGHT OF PRIVACY IN THIS

SYSTEM. System personnel may give to law enforcement officials

any potential evidence of crime found on these computer systems and/or

networks. USE OF THIS SYSTEM BY ANY USER, AUTHORIZED OR

UNAUTHORIZED,CONSTITUTES CONSENT TO THIS MONITORING, INTERCEPTION,

RECORDING, READING, COPYING, OR CAPTURING and DISCLOSURE.

Violators will be prosecuted.

************************************************************************^C

!

line con 0

exec-timeout 0 0

password xxxx

login

line aux 0

login

no exec

line vty 0 4

exec-timeout 30 0

password xxxx

login

line vty 5 15

password xxxx

login

!

scheduler allocate 4000 1000

end

NationalManWeek2004#
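An added example, not part of the thread and not Cisco code: a small Python check that reads the NAT lines from the configuration posted above and reports, for a given inside host, whether it gets a one-to-one static translation or falls under the `overload` rule, and whether the static mapping is reachable from outside without an inbound ACL. The function names and the `unfiltered_inbound` key are illustrative assumptions, and only standard ACLs with contiguous wildcard masks are parsed.

```python
import ipaddress
import re

# NAT-relevant lines copied from the configuration posted in the thread.
CONFIG = """\
interface Ethernet0
 ip nat inside
interface FastEthernet0
 ip nat outside
ip nat inside source list 1 interface FastEthernet0 overload
ip nat inside source static 172.17.224.2 167.165.22.51
ip nat inside source static 172.17.224.3 167.165.22.52
access-list 1 permit 172.17.224.0 0.0.0.255
access-list 1 permit 172.16.95.0 0.0.0.255
"""

def parse(config):
    """Collect static maps, overload ACLs and outside interfaces with no inbound ACL."""
    statics, overload, acls = {}, set(), {}
    outside, filtered, iface = set(), set(), None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"interface (\S+)$", line):
            iface = m.group(1)
        elif line == "ip nat outside":
            outside.add(iface)
        elif re.match(r"ip access-group \S+ in$", line):
            filtered.add(iface)
        elif m := re.match(r"ip nat inside source static (\S+) (\S+)$", line):
            statics[m.group(1)] = m.group(2)
        elif m := re.match(r"ip nat inside source list (\d+) .* overload$", line):
            overload.add(m.group(1))
        elif m := re.match(r"access-list (\d+) permit (\S+) (\S+)$", line):
            # Wildcard mask is accepted by ipaddress as a host mask (host/any forms not handled).
            net = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}")
            acls.setdefault(m.group(1), []).append(net)
    return statics, overload, acls, outside - filtered

def classify(config, host):
    """Describe how an inside host is translated and whether inbound traffic is unfiltered."""
    statics, overload, acls, open_outside = parse(config)
    if host in statics:
        # One-to-one mapping: every IP protocol is translated, GRE (47) included, and
        # traffic sent to the public address reaches the host unless an ACL filters it.
        return {"mode": "static", "public": statics[host], "unfiltered_inbound": bool(open_outside)}
    addr = ipaddress.ip_address(host)
    if any(addr in net for n in overload for net in acls.get(n, [])):
        # Overload multiplexes on TCP/UDP ports; GRE and ESP carry none.
        return {"mode": "overload", "public": None, "unfiltered_inbound": False}
    return {"mode": "untranslated", "public": None, "unfiltered_inbound": False}
```

For the posted configuration, `classify(CONFIG, "172.17.224.2")` reports a static mapping to 167.165.22.51 with `unfiltered_inbound` set, because FastEthernet0 carries no `ip access-group ... in`.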
