VPN tunnel through Cisco Router to SBS 2008 RRAS

I need to provide remote access to external users over a VPN connection. I have an SBS 2008 server with 1 NIC (192.168.33.2) and enabled VPN via the "Configure Virtual Private Network" option on the SBS console. I enabled GRE and port 1723 on my Cisco firewall as well (192.168.33.1).

I can VPN to SBS internally fine and can telnet to 1723 port but cannot get through externally.

I get Error 800 when establishing the connection on a Windows 7 PC.

I can telnet to port 1723 externally (from the Internet). Please review my Cisco config and advise if I missed something. NOTE: my Cisco knowledge is lacking at this stage and this is a new site. As you can tell, someone else has attempted to fix this with some of the additions in the config, i.e. VPN_ClIENTS. This is how I found it and I have made no changes. Any help would be greatly appreciated.

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

no service dhcp

!

hostname GsR1

!

boot-start-marker

boot-end-marker

!

enable secret 5 $1$J2Lf$nyg1uyXR6Ti9XGIiaZ8VH0

enable password ******

!

aaa new-model

!

!

aaa authentication login default local

aaa authentication ppp default local

aaa authorization network default local

!

!

aaa session-id common

!

crypto pki trustpoint TP-self-signed-1072454206

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-1072454206

revocation-check none

rsakeypair TP-self-signed-1072454206

!

!

crypto pki certificate chain TP-self-signed-1072454206

certificate self-signed 01

        quit

dot11 syslog

!

dot11 ssid GG

   max-associations 20

   authentication open

   authentication key-management wpa

   guest-mode

   wpa-psk ascii 0 **********

!

ip cef

!

!

ip domain name GG.

ip name-server 139.130.4.4

!

vpdn enable

!

vpdn-group VPN

! Default PPTP VPDN group

accept-dialin

  protocol pptp

  virtual-template 1

!

!

!

username GG password 0 *****

username GG privilege 15 secret 5 $1$cNkE$Zcln2VDZse.s0krQ1orEw0

!

!

archive

log config

  hidekeys

!

!

ip ssh version 2

!

bridge irb

!

!

interface ATM0

no ip address

no atm ilmi-keepalive

dsl operating-mode auto

!

interface ATM0.3 point-to-point

description Internet ATM

pvc 8/35

  dialer pool-member 1

  protocol ppp dialer

!

!

interface FastEthernet0

!

interface FastEthernet1

!

interface FastEthernet2

!

interface FastEthernet3

!

interface Virtual-Template1

ip address negotiated

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

ip nat inside

ip virtual-reassembly

peer default ip address pool VPN-CLIENTS

ppp encrypt mppe auto

ppp authentication ms-chap ms-chap-v2

!

interface Dot11Radio0

no ip address

!

encryption mode ciphers tkip

!

broadcast-key change 60

!

!

ssid GG

!

speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0

station-role root

world-mode dot11d country AU both

no cdp enable

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 spanning-disabled

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

!

interface Vlan1

description LAN VLAN

no ip address

ip nat inside

ip virtual-reassembly

ip tcp adjust-mss 1432

bridge-group 1

bridge-group 1 spanning-disabled

!

interface Dialer3

description Internet Dialer

ip address negotiated

ip nat outside

ip virtual-reassembly

encapsulation ppp

ip tcp adjust-mss 1432

dialer pool 1

dialer-group 1

no cdp enable

ppp authentication chap pap callin

ppp chap hostname GG@direct.telstra.net

ppp chap password 0 ********

ppp pap sent-username GG@direct.telstra.net password 0 ****

!

interface BVI1

ip address 192.168.33.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

ip local pool VPN-CLIENTS 192.168.33.220 192.168.33.235

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 Dialer3

!

ip http server

ip http secure-server

ip nat inside source static tcp 192.168.33.2 25 interface Dialer3 25

ip nat inside source static tcp 192.168.33.2 80 interface Dialer3 80

ip nat inside source static tcp 192.168.33.2 443 interface Dialer3 443

ip nat inside source static tcp 192.168.33.2 3389 interface Dialer3 3390

ip nat inside source list 100 interface Dialer3 overload

!

access-list 100 remark Permit IPs for NAT

access-list 100 permit ip 192.168.33.0 0.0.0.255 any

access-list 110 permit gre any any

access-list 111 permit tcp any any eq 1723

dialer-list 1 protocol ip permit

!

!

!

control-plane

!

bridge 1 protocol ieee

bridge 1 route ip

!

line con 0

no modem enable

line aux 0

line vty 0 4

!

scheduler max-task-time 5000

end
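
Added example, not part of the original post: a Python check over the NAT, ACL and VPDN lines of the configuration above. It lists which ports are statically forwarded to the server at 192.168.33.2, which numbered ACLs are defined but never referenced, and whether the router itself is set to accept PPTP. The `audit` function, its regexes (a simplified list of the places IOS references a numbered ACL) and the embedded sample copied from the post are assumptions made for illustration.

```python
import re

# Constructed sample: the VPDN, NAT and ACL lines copied from the posted config.
SAMPLE_CONFIG = """\
vpdn enable
vpdn-group VPN
accept-dialin
protocol pptp
virtual-template 1
ip nat inside source static tcp 192.168.33.2 25 interface Dialer3 25
ip nat inside source static tcp 192.168.33.2 80 interface Dialer3 80
ip nat inside source static tcp 192.168.33.2 443 interface Dialer3 443
ip nat inside source static tcp 192.168.33.2 3389 interface Dialer3 3390
ip nat inside source list 100 interface Dialer3 overload
access-list 100 remark Permit IPs for NAT
access-list 100 permit ip 192.168.33.0 0.0.0.255 any
access-list 110 permit gre any any
access-list 111 permit tcp any any eq 1723
"""

STATIC_NAT = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) interface (\S+) (\d+)$")
ACL_DEF = re.compile(r"^access-list (\d+) ")
# Simplified (assumed) list of commands that put a numbered ACL to use.
ACL_USE = re.compile(
    r"^(?:ip access-group|ip nat inside source list|match ip address|access-class) (\d+)\b")

def audit(config, server):
    """Summarise what the config forwards to `server` and which ACLs are unused."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    forwards = []            # (protocol, outside_port, inside_port)
    defined, used = set(), set()
    for ln in lines:
        m = STATIC_NAT.match(ln)
        if m and m.group(2) == server:
            forwards.append((m.group(1), int(m.group(5)), int(m.group(3))))
        m = ACL_DEF.match(ln)
        if m:
            defined.add(m.group(1))
        m = ACL_USE.match(ln)
        if m:
            used.add(m.group(1))
    return {
        "forwards": forwards,
        "pptp_forwarded": any(p == "tcp" and inside == 1723 for p, _, inside in forwards),
        "unused_acls": sorted(defined - used),
        "router_accepts_pptp": "protocol pptp" in lines,
    }

if __name__ == "__main__":
    for key, value in audit(SAMPLE_CONFIG, "192.168.33.2").items():
        print(f"{key}: {value}")
```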
