On WAP: default gateway 192.168.1.1, port forwarding for 1723 (PPTP) to 192.168.1.2
Cisco 891W: incoming int from ISP I've given 192.168.1.2 (int gi0)
int vlan 4 I've given 192.168.2.1
Dell Server: static ip 192.168.2.20, with DHCP and DNS setup. It can access the internet just fine, and can even remote login to my personal laptop back over on the 192.168.1.0 network. But when attempting to VPN into the Dell server (which I've set up RRAS and given the public IP of the ISP), I get the error 807, that it can't access the VPN server. From the server, I can ping the rest of the network. But from my laptop, I cannot successfully ping anything in the 192.168.2.0 network.
I've attached the current config of the 891W router. Any insight you could provide would be greatly appreciated. Thanks in advance.
Current configuration : 3298 bytes ! ! Last configuration change at 22:16:32 UTC Mon Sep 1 2014 ! NVRAM config last updated at 16:07:18 UTC Mon Sep 1 2014 ! version 15.0 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption no service dhcp ! hostname XXXX ! boot-start-marker boot-end-marker ! ! no aaa new-model ! ! ! service-module wlan-ap 0 bootimage autonomous ! ! no ip source-route ! ! ! ! ip cef no ipv6 cef ! ! multilink bundle-name authenticated license udi pid CISCO891W-AGN-A-K9 sn XXXXXXX ! ! ! ! ! ! ! ! ! ! ! interface FastEthernet0 switchport access vlan 4 ! ! interface FastEthernet1 switchport access vlan 4 ! ! interface FastEthernet2 switchport access vlan 4 ! ! interface FastEthernet3 switchport access vlan 4 ! ! interface FastEthernet4 ! ! interface FastEthernet5 ! ! interface FastEthernet6 ! ! interface FastEthernet7 ! ! interface FastEthernet8 no ip address shutdown duplex auto speed auto ! ! interface GigabitEthernet0 ip address 192.168.1.2 255.255.255.0 ip access-group acl-out in no ip redirects no ip unreachables no ip proxy-arp ip flow ingress ip flow egress ip nat outside ip virtual-reassembly duplex auto speed auto ! ! interface wlan-ap0 description Service module interface to manage the embedded AP no ip address shutdown arp timeout 0 ! ! interface Wlan-GigabitEthernet0 description Internal switch interface connecting to the embedded AP ! ! interface Vlan1 no ip address shutdown ! ! interface Vlan4 ip address 192.168.2.1 255.255.255.0 ip helper-address 192.168.2.20 no ip redirects no ip unreachables no ip proxy-arp ip flow ingress ip flow egress ip nat inside ip virtual-reassembly ip tcp adjust-mss 1452 ip policy route-map reroute10traffic ! ! interface Async1 no ip address encapsulation slip ! ! ip forward-protocol nd no ip http server no ip http secure-server ! ! ip nat inside source list 101 interface GigabitEthernet0 overload ip nat inside source list 110 interface GigabitEthernet0 overload ip nat inside source static esp 192.168.2.20 interface Vlan4 ip nat inside source route-map A interface GigabitEthernet0 overload ip nat inside source static udp 192.168.2.20 500 X.X.X.X 500 extendable ip nat inside source static udp 192.168.2.20 1723 X.X.X.X 1723 extendable ip nat inside source static udp 192.168.2.20 10000 X.X.X.X 10000 extendable ip route 0.0.0.0 0.0.0.0 192.168.1.1 ! ip access-list extended PortForward-ACL permit udp host 192.168.2.20 any eq isakmp permit udp host 192.168.2.20 any eq 10000 ip access-list extended PortFoward-ACL permit udp host 192.168.2.20 any eq 1723 permit tcp host 192.168.2.20 any eq 1723 permit tcp host 192.168.2.20 any range www 443 ! access-list 101 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255 access-list 110 permit ip 192.168.2.0 0.0.0.255 any access-list 110 permit ip 192.168.1.0 0.0.0.255 any ! ! ! ! route-map PortForward-RM permit 10 match ip address PortForward-ACL ! ! ! control-plane ! ! ! line con 0 line 1 modem InOut stopbits 1 speed 115200 flowcontrol hardware line 2 no activation-character no exec transport preferred none transport input all transport output pad telnet rlogin udptn ssh line aux 0 line vty 0 4 login ! scheduler max-task-time 5000 end
Hi everyone, I would like to thank you in advance for any help you can provide a newcomer like myself!
Im studying the 100-105 book by Odom and am currently on the topic of Port security. I purchased a used 2960 and I'm trying to follow a...
While deploying a number of 18xx/2802/3802 model access points (APs), which run AP-COS as their operating platform. It can be observed on some occasions that while many of their access points were able to join the fabric WLC withou...
I am going to design and build an LAN network under a tunnel underground with long distance between the switches.
I will have 2 Catalyst switches and 8 Industrial IE3000, and they will be connected with fiber.
For now I am planning on use Layer-2 s...