TPreston
Posted June 26, 2014

I'm setting up another VPN for cleaning malware-infected computers remotely and some other things. Normally I'd use SSTP, NAT TCP 443 and be done in 5 minutes, but in this case I need to use another tunnelling protocol because I already use SSTP for remote access and I want this traffic on another network.

I have already set up the VPN using PPTP because I'm not terribly concerned about security and I just want something quick and simple to set up. It's working fine when I try to connect on the LAN side, but from the internet all clients give VPN error 807.

Upon further inspection, while the clients are connecting I get traffic successfully passed from the router to the VPN server over port 1723, but after that initial transfer the network adapter (on the VPN server) doesn't show any more traffic and eventually the VPN connection times out after 3-4 seconds.

I'm thinking this is GRE, but I've referred to http://www.cisco.com/c/en/us/support/docs/ip/point-to-point-tunneling-protocol-pptp/12483-pptp-pat.html and everything seems to be OK.

I'm using the exact same settings for both the LAN VPN client (not on the same server, a different Hyper-V host on the same VLAN) and the external VPN client; one works, the other doesn't.

If it makes any difference, I'm using tagged VLAN for the router and the switch. I can of course ping from the router to the VPN server.
Config for the remote support network on the 877W (using VLAN 1 because it has a max of 4 VLANs; will be replacing this router with an 891W soon). I'm not using the zone-based firewall because it's all connected to a TMG firewall, and the VPN server is also a TMG firewall.

interface FastEthernet3
 description Remote Support VPN Interface
 switchport access vlan 13
 switchport trunk allowed vlan 1,13,1002-1005
 switchport mode trunk
!
!
interface Vlan13
 description VPN Interface
 ip address 10.0.3.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip virtual-reassembly
 ip tcp adjust-mss 1412
!
!
interface Dialer1
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname eircom
 ppp chap password 7 06041D2E4D4A0B180B1343
 ppp ipcp dns request
 ppp ipcp route default
 ppp ipcp address accept
!
ip nat inside source static tcp 10.0.2.2 80 interface Dialer1 80
ip nat inside source static tcp 10.0.2.2 443 interface Dialer1 443
! (send incoming web traffic to the TMG Server)
ip nat inside source static tcp 10.0.3.21 1723 interface Dialer1 1723
! (send incoming PPTP to the dedicated remote support network)
ip nat inside source list 101 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 10.0.0.0 255.255.255.0 BVI1 10.0.1.2 permanent
! (Access the internal servernet through the clientnet)
!
ip radius source-interface BVI1
no logging trap
access-list 101 remark DialerList
access-list 101 permit gre any any
access-list 101 permit ip any any
access-list 101 permit udp any any
access-list 101 permit icmp any any
access-list 101 permit igmp any any
access-list 101 permit tcp any any
access-list 101 permit tcp any any eq 1723
access-list 101 permit gre any host 10.0.3.21 log
access-list 101 permit tcp any eq 1723 host 10.0.3.21 eq 1723 log
dialer-list 101 protocol ip permit
no cdp run
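IOS evaluates an extended ACL top-down and stops at the first matching entry, so the order of access-list 101 above decides which entries, including the two `log` entries, can ever be hit. The following is an added example, not part of the original post: a Python check over the ACL as posted that lists entries fully covered by an earlier one. The function names are hypothetical and address matching is simplified to `any` or exact equality.

```python
ACL_101 = """\
access-list 101 remark DialerList
access-list 101 permit gre any any
access-list 101 permit ip any any
access-list 101 permit udp any any
access-list 101 permit icmp any any
access-list 101 permit igmp any any
access-list 101 permit tcp any any
access-list 101 permit tcp any any eq 1723
access-list 101 permit gre any host 10.0.3.21 log
access-list 101 permit tcp any eq 1723 host 10.0.3.21 eq 1723 log
"""  # access-list 101 copied from the configuration posted above

def _addr(tok):
    """Pop one address (any | host A | A WILDCARD) and an optional 'eq PORT'."""
    first = tok.pop(0)
    addr = first if first == "any" else tok.pop(0) if first == "host" else first + "/" + tok.pop(0)
    port = None
    if tok[:1] == ["eq"]:
        port = tok[1]
        del tok[:2]
    return addr, port

def parse_acl(text):
    """Return one dict per permit/deny entry; remarks and other lines are skipped."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            continue
        rest = tok[4:]
        (src, sport), (dst, dport) = _addr(rest), _addr(rest)
        entries.append({"line": " ".join(tok), "proto": tok[3], "src": src,
                        "sport": sport, "dst": dst, "dport": dport, "log": "log" in rest})
    return entries

def covers(a, b):
    """True if every packet matching b already matches a (simplified: any or equal)."""
    return (a["proto"] in ("ip", b["proto"]) and a["src"] in ("any", b["src"])
            and a["dst"] in ("any", b["dst"]) and a["sport"] in (None, b["sport"])
            and a["dport"] in (None, b["dport"]))

def shadowed(entries):
    """Pair each entry that can never match with the earlier entry that covers it."""
    return [(b, a) for i, b in enumerate(entries)
            for a in [next((e for e in entries[:i] if covers(e, b)), None)] if a]

for b, a in shadowed(parse_acl(ACL_101)):
    print(("LOG NEVER FIRES: " if b["log"] else "unreachable: ") + b["line"], "<-", a["line"])
```

Both `log` entries are reported as unreachable, so an absence of log hits from them says nothing about whether GRE or TCP 1723 traffic reached the router.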