Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

multiple vpn passthroughs on 837 router

Hi Netpros,

I am trying to establish multiple VPN passthroughs on a CISCO 837. The documentation says to enable this you must do a "ip nat inside source list nn interface BVI xx overload".

I looked at the router config and I believe this has been enabled by default as I can see the following config lines "ip nat inside source list 102 interface Dialer1 overload" and "access-list 102 permit ip 137.219.23.0 0.0.0.255 any"

I am appending the full router config here. Thouggh LAN coms from a "public" address space, they are not advertised through the ISP. The public addresses are there due to historical reasons and my understanding is that should not affect what I am going to do.

Interface Ethernet0

description CRWS Generated text. Please do not delete this:137.219.23.1-255.255

.255.0

ip address 137.x.x.x.255.255.0 secondary

ip address 10.10.10.1 255.255.255.0

ip nat inside

ip tcp adjust-mss 1452

hold-queue 100 out

!

interface ATM0

no ip address

atm vc-per-vp 64

no atm ilmi-keepalive

pvc 8/35

pppoe-client dial-pool-number 1

!

dsl operating-mode auto

!

interface FastEthernet1

no ip address

duplex auto

speed auto

!

interface FastEthernet2

no ip address

duplex auto

speed auto

!

interface FastEthernet3

no ip address

duplex auto

speed auto

!

interface FastEthernet4

no ip address

duplex auto

speed auto

!

interface Dialer1

ip address negotiated

ip access-group 111 in

ip mtu 1492

ip nat outside

ip inspect myfw out

encapsulation ppp

ip tcp adjust-mss 1452

dialer pool 1

dialer remote-name redback

dialer-group 1

ppp authentication pap chap callin

ppp chap hostname mic837

ppp chap password 7 xxxxxx

ppp pap sent-username xxx password 7 xxxxxxx

!

ip nat inside source list 102 interface Dialer1 overload

ip nat inside source static udp 137.x.x.251 5666 interface Dialer1 5666

ip nat inside source static tcp 137.x.x.251 5666 interface Dialer1 5666

ip nat inside source static udp 137.x.x.251 22 interface Dialer1 22

ip nat inside source static tcp 137.x.x.251 22 interface Dialer1 22

ip classless

ip route 0.0.0.0 0.0.0.0 Dialer1

!

!

access-list 23 permit 137.219.23.0 0.0.0.255

access-list 23 permit 10.10.10.0 0.0.0.255

access-list 102 permit ip 137.x.x.0.0.255 any

access-list 111 permit udp any any eq 5666

** Other enries fro access-lsi 111 deleted ***

2 REPLIES
Purple

Re: multiple vpn passthroughs on 837 router

Is this not working ?

I would also add the following line to ACL 102:

access-list 102 permit ip 10.10.10.0 0.0.0.255

Pls do rate posts that help.

Paresh

New Member

Re: multiple vpn passthroughs on 837 router

Hi Paresh,

I added the ACL as you suggested. But still not working for me. I get "Error 800: Unable to establish a VPN connection" with the Micoroft VPN client once another VPN session is active.

Any other ideas?

Thanks and regards

74
Views
0
Helpful
2
Replies