Microsoft PPTP VPN not established through Cisco 1841
We have a remote LAN with addressing 172.16.1.0/24 which must be reachable by Windows PPTP VPN clients located wherever. The border gateway between this remote LAN and the Internet is a router Cisco 1841. Inside the LAN, there is a VPN server (172.16.1.11) based on Windows RRAS (Remote Routing and Access Server).
Our problem is that Windows PPTP clients located outside in the Internet are not even authenticated. No traces can be found in RRAS log file in Windows server.
We know that RRAS is well configured because PPTP VPN clients located in the same LAN manage to establish the tunnel very quickly after a successful authentication. So we suspect that the problem is in the router. Relevant configuration is as follows (we already tried without CBAC but unsuccessfully):
access-list 101 permit tcp any host xx.yy.zz.tt eq 1723
access-list 101 permit gre any host xx.yy.zz.tt
We took some Wireshark/Ethereal captures in VPN server. It seems that the remote client does not receive the "PPP LC Configuration ACK" sent by the VPN server, so he re-tries "PPP LC Configuration Request" over and over again. We don't know why the remote client does not receive this ACK sent by the server, because the router 1841 seems to be configured according to Cisco documentation.
Re: Microsoft PPTP VPN not established through Cisco 1841
Thank you very much, Rama, but this parameter did not solve our problem.
By the way, why did you suggest 1420?
Anyway, I tried several values (1420, 1452, 542) in both interfaces and only in the WAN interface, but all the connection attempts from Windows PPTP VPN were unsuccessful. Moreover, no trace was logged in the server.
Perhaps the adjustment that you suggested works for typical WAN interfaces, but we have FastEthernet in both sides of the router, our systems are hosted at a ISP.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :