
VPN across routers in series

Greetings Cisco experts!

I've searched far and wide and can't seem to come across a solution. I even asked the folks over on spiceworks.com, but they didn't seem to have a solution either.

Trying to VPN into a Dell server which I have at home in my home lab, but which I've separated off into another network.

Here's the topology:

ISP > cable modem > Cisco Linksys e1200 WAP > Cisco 891W Router > Dell Server

On WAP: default gateway 192.168.1.1, port forwarding for 1723 (PPTP) to 192.168.1.2 

Cisco 891W: incoming int from ISP I've given 192.168.1.2 (int gi0)

 int vlan 4 I've given 192.168.2.1

Dell Server: static IP 192.168.2.20, with DHCP and DNS set up. It can access the internet just fine, and can even remote login to my personal laptop back over on the 192.168.1.0 network. But when attempting to VPN into the Dell server (on which I've set up RRAS and given the public IP of the ISP), I get the error 807, that it can't access the VPN server. From the server, I can ping the rest of the network. But from my laptop, I cannot successfully ping anything in the 192.168.2.0 network.

I've attached the current config of the 891W router. Any insight you could provide would be greatly appreciated. Thanks in advance.

 

Config:

Current configuration : 3298 bytes
!
! Last configuration change at 22:16:32 UTC Mon Sep 1 2014
! NVRAM config last updated at 16:07:18 UTC Mon Sep 1 2014
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname XXXX
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
!
!
service-module wlan-ap 0 bootimage autonomous
!
!
no ip source-route
!
!
!
!
ip cef
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid CISCO891W-AGN-A-K9 sn XXXXXXX
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
 switchport access vlan 4
 !
!
interface FastEthernet1
 switchport access vlan 4
 !
!
interface FastEthernet2
 switchport access vlan 4
 !
!
interface FastEthernet3
 switchport access vlan 4
 !
!
interface FastEthernet4
 !
!
interface FastEthernet5
 !
!
interface FastEthernet6
 !
!
interface FastEthernet7
 !
!
interface FastEthernet8
 no ip address
 shutdown
 duplex auto
 speed auto
 !
!
interface GigabitEthernet0
 ip address 192.168.1.2 255.255.255.0
 ip access-group acl-out in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip flow egress
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 !
!
interface wlan-ap0
 description Service module interface to manage the embedded AP
 no ip address
 shutdown
 arp timeout 0
 !
!
interface Wlan-GigabitEthernet0
 description Internal switch interface connecting to the embedded AP
 !
!
interface Vlan1
 no ip address
 shutdown
 !
!
interface Vlan4
 ip address 192.168.2.1 255.255.255.0
 ip helper-address 192.168.2.20
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip flow egress
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
 ip policy route-map reroute10traffic
 !
!
interface Async1
 no ip address
 encapsulation slip
 !
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 101 interface GigabitEthernet0 overload
ip nat inside source list 110 interface GigabitEthernet0 overload
ip nat inside source static esp 192.168.2.20 interface Vlan4
ip nat inside source route-map A interface GigabitEthernet0 overload
ip nat inside source static udp 192.168.2.20 500 X.X.X.X 500 extendable
ip nat inside source static udp 192.168.2.20 1723 X.X.X.X 1723 extendable
ip nat inside source static udp 192.168.2.20 10000 X.X.X.X 10000 extendable
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
ip access-list extended PortForward-ACL
 permit udp host 192.168.2.20 any eq isakmp
 permit udp host 192.168.2.20 any eq 10000
ip access-list extended PortFoward-ACL
 permit udp host 192.168.2.20 any eq 1723
 permit tcp host 192.168.2.20 any eq 1723
 permit tcp host 192.168.2.20 any range www 443
!
access-list 101 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 110 permit ip 192.168.2.0 0.0.0.255 any
access-list 110 permit ip 192.168.1.0 0.0.0.255 any
!
!
!
!
route-map PortForward-RM permit 10
 match ip address PortForward-ACL
!
!
!
control-plane
 !
!
!
line con 0
line 1
 modem InOut
 stopbits 1
 speed 115200
 flowcontrol hardware
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad telnet rlogin udptn ssh
line aux 0
line vty 0 4
 login
!
scheduler max-task-time 5000
end
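
An added example, not part of the original post: a short Python check that cross-references the named ACLs and route-maps in the configuration above, listing names that are applied but never defined and names that are defined but never applied. CONFIG is an excerpt of the posted configuration, and the patterns cover only the command forms that appear in it (only the first ACL on a `match ip address` line is read).

```python
import re

# Excerpt of the posted config: only lines that define or reference named objects.
CONFIG = """\
interface GigabitEthernet0
 ip access-group acl-out in
interface Vlan4
 ip policy route-map reroute10traffic
ip nat inside source list 101 interface GigabitEthernet0 overload
ip nat inside source list 110 interface GigabitEthernet0 overload
ip nat inside source route-map A interface GigabitEthernet0 overload
ip access-list extended PortForward-ACL
ip access-list extended PortFoward-ACL
access-list 101 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 110 permit ip 192.168.2.0 0.0.0.255 any
route-map PortForward-RM permit 10
 match ip address PortForward-ACL
"""

# (kind, regex) pairs; capture group 1 is the object name.
DEFS = [("acl", r"^ip access-list (?:standard|extended) (\S+)"),
        ("acl", r"^access-list (\d+) "),
        ("route-map", r"^route-map (\S+) (?:permit|deny)")]
REFS = [("acl", r"^ip access-group (\S+) (?:in|out)"),
        ("acl", r"^ip nat inside source list (\S+) "),
        ("acl", r"^match ip address (\S+)"),
        ("route-map", r"^ip policy route-map (\S+)"),
        ("route-map", r"^ip nat inside source route-map (\S+) ")]

def collect(config, patterns):
    """Return the set of (kind, name) pairs matched by any pattern."""
    found = set()
    for line in config.splitlines():
        line = line.strip()  # sub-commands are indented under their parent
        for kind, rx in patterns:
            m = re.match(rx, line)
            if m:
                found.add((kind, m.group(1)))
    return found

def audit(config):
    """Return (referenced but undefined, defined but unreferenced)."""
    defs, refs = collect(config, DEFS), collect(config, REFS)
    return refs - defs, defs - refs

if __name__ == "__main__":
    dangling, unused = audit(CONFIG)
    for kind, name in sorted(dangling):
        print(f"referenced but not defined: {kind} {name}")
    for kind, name in sorted(unused):
        print(f"defined but never referenced: {kind} {name}")
```
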
