PPTP VPN 807



I'm setting up another VPN for cleaning malware-infected computers remotely and some other things. Normally I'd use SSTP, NAT TCP 443, and be done in 5 minutes, but in this case I need to use another tunnelling protocol because I already use SSTP for remote access and I want this traffic on another network. I have already set up the VPN using PPTP because I'm not terribly concerned about security and I just want something quick and simple to set up. It's working fine when I try to connect on the LAN side, but from the internet all clients give VPN error 807.

Upon further inspection, while the clients are connecting I get traffic successfully passed from the router to the VPN server over port 1723, but after that initial transfer the network adapter (on the VPN server) doesn't show any more traffic, and eventually the VPN connection times out after 3-4 seconds.

I'm thinking this is GRE, but I've referred to http://www.cisco.com/c/en/us/support/docs/ip/point-to-point-tunneling-protocol-pptp/12483-pptp-pat.html and everything seems to be OK.

I'm using the exact same settings for both the LAN VPN client (not on the same server; a different Hyper-V host on the same VLAN) and the external VPN client; one works, the other doesn't. If it makes any difference, I'm using tagged VLAN for the router and the switch. I can of course ping from the router to the VPN server.

Config for the remote support network on the 877W (using VLAN 1 because it has a max of 4 VLANs; will be replacing this router with an 891W soon). I'm not using the zone-based firewall because it's all connected to a TMG firewall, and the VPN server is also a TMG firewall:

 

interface FastEthernet3
 description Remote Support VPN Interface
 switchport access vlan 13
 switchport trunk allowed vlan 1,13,1002-1005
 switchport mode trunk
 !
!
interface Vlan13
 description VPN Interface
 ip address 10.0.3.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip virtual-reassembly
 ip tcp adjust-mss 1412
 !
!
interface Dialer1
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname eircom
 ppp chap password 7 06041D2E4D4A0B180B1343
 ppp ipcp dns request
 ppp ipcp route default
 ppp ipcp address accept
 !
! send incoming web traffic to the TMG Server
ip nat inside source static tcp 10.0.2.2 80 interface Dialer1 80
ip nat inside source static tcp 10.0.2.2 443 interface Dialer1 443
! send incoming PPTP to the dedicated remote support network
ip nat inside source static tcp 10.0.3.21 1723 interface Dialer1 1723
ip nat inside source list 101 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
! Access the internal severnet through the clientnet
ip route 10.0.0.0 255.255.255.0 BVI1 10.0.1.2 permanent
!
ip radius source-interface BVI1
no logging trap
access-list 101 remark DialerList
access-list 101 permit gre any any
access-list 101 permit ip any any
access-list 101 permit udp any any
access-list 101 permit icmp any any
access-list 101 permit igmp any any
access-list 101 permit tcp any any
access-list 101 permit tcp any any eq 1723
access-list 101 permit gre any host 10.0.3.21 log
access-list 101 permit tcp any eq 1723 host 10.0.3.21 eq 1723 log
dialer-list 101 protocol ip permit
no cdp run
 

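Added example, not part of the original post: IOS evaluates access-list entries top-down and stops at the first match, and the `ip` keyword matches every IP protocol, so the two `log` entries at the end of ACL 101 above can never be reached. The Python sketch below runs that first-match check over the permit entries as posted; the function names are this example's own, and it only handles the `any` and `host` address forms and `eq` ports that appear in this ACL.

```python
# Permit entries of ACL 101, copied from the config posted above.
ACL = """\
access-list 101 permit gre any any
access-list 101 permit ip any any
access-list 101 permit udp any any
access-list 101 permit icmp any any
access-list 101 permit igmp any any
access-list 101 permit tcp any any
access-list 101 permit tcp any any eq 1723
access-list 101 permit gre any host 10.0.3.21 log
access-list 101 permit tcp any eq 1723 host 10.0.3.21 eq 1723 log
"""

def parse(line):
    """Return (action, proto, src, sport, dst, dport); None means 'any'."""
    tok = line.split()[2:]              # drop 'access-list <number>'
    action, proto, rest = tok[0], tok[1], tok[2:]
    fields = []
    for _ in range(2):                  # source spec, then destination spec
        if rest[0] == "any":
            addr, rest = None, rest[1:]
        elif rest[0] == "host":
            addr, rest = rest[1], rest[2:]
        else:
            raise ValueError("wildcard masks are not handled in this sketch")
        port = None
        if rest[:1] == ["eq"]:
            port, rest = rest[1], rest[2:]
        fields += [addr, port]
    return (action, proto, *fields)

def covers(early, late):
    """True if every packet matching `late` already matches `early`."""
    return early[1] in ("ip", late[1]) and all(
        e is None or e == l for e, l in zip(early[2:], late[2:]))

def shadowed(acl_text):
    """Map each unreachable entry (1-based) to the earlier entry hiding it."""
    rules = [parse(l) for l in acl_text.splitlines() if l.startswith("access-list")]
    hits = {}
    for i, late in enumerate(rules):
        by = next((j for j in range(i) if covers(rules[j], late)), None)
        if by is not None:
            hits[i + 1] = by + 1
    return hits

if __name__ == "__main__":
    for entry, by in shadowed(ACL).items():
        print(f"entry {entry} can never match: hidden by entry {by}")
```

Entries 3 to 7 and 9 are hidden by `permit ip any any`, and the GRE `log` entry is hidden by the first `permit gre any any`, so neither `log` keyword will ever produce a log message.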
