Cisco Support Community

Cisco 870 VPN Passthrough setup help for newbie

Hi All,

I am new to my current position and have to change over to our new internet connection using a new Cisco 870 router. My question is how to configure the router to NAT traffic through to a Windows 2003 RAS box. Below is my current config that I have tried; I was able to NAT out mail, but I am having trouble with the RAS/VPN setup.

Any help would be fantastic...




Current configuration : 5355 bytes
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname TB_BB_Package
aaa new-model
aaa session-id common
crypto pki trustpoint TP-self-signed-2965917561
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2965917561
revocation-check none
rsakeypair TP-self-signed-2965917561
crypto pki certificate chain TP-self-signed-2965917561
certificate self-signed 01
dot11 syslog
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address
ip dhcp pool Customer-LAN
   lease 0 2
username @@@@ privilege 15 secret 5 ^$%#*)_@
log config
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
interface ATM0.1 point-to-point
pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface Dot11Radio0
no ip address
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0
station-role root
interface Vlan1
description Customer-LAN
ip address
ip nat inside
ip virtual-reassembly
interface Dialer0
description Public-Interface
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname *********
ppp chap password *$#%%^
ip forward-protocol nd
ip route Dialer0
no ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list NAT interface Dialer0 overload
ip nat inside source static tcp
ip nat inside source static udp 1194 interface Dialer0 1194
ip nat inside source static tcp 25 interface Dialer0 25
ip nat inside source static tcp 1723 interface Dialer0 1723
ip access-list extended NAT
permit ip any
access-list 103 remark Outbound Ruleset
access-list 103 permit ip any
access-list 103 deny   ip any any log
access-list 104 remark Inbound Ruleset
access-list 104 deny   ip any
access-list 104 deny   ip any
access-list 104 deny   ip any
access-list 104 deny   ip any
access-list 104 deny   ip host any
access-list 104 deny   ip host any
access-list 104 permit icmp any any echo-reply
access-list 104 permit icmp any any time-exceeded
access-list 104 permit icmp any any unreachable
access-list 104 permit tcp any host eq smtp
access-list 104 permit tcp any host eq 1723
access-list 104 permit udp any host eq 1194
access-list 104 permit gre any host
access-list 104 deny   ip any any log
dialer-list 1 protocol ip permit
banner login ^CC

* Access to this computer system is limited to authorised users only. *
* Unauthorised users may be subject to prosecution under the Crimes   *
*                       Act or State legislation                      *
*                                                                     *
* Please note, ALL CUSTOMER DETAILS are confidential and must         *
*                         not be disclosed.                           *
line con 0
no modem enable
line aux 0
line vty 0 4
privilege level 15
transport input ssh
scheduler max-task-time 5000
