
TPreston    5,380

I'm setting up another VPN for cleaning malware-infected computers remotely and some other things. Normally I'd use SSTP, NAT TCP 443, and be done in 5 minutes, but in this case I need to use another tunnelling protocol because I already use SSTP for remote access and I want this traffic on another network. I have already set up the VPN using PPTP because I'm not terribly concerned about security and I just want something quick and simple to set up. It's working fine when I try to connect on the LAN side, but from the internet all clients give VPN error 807.


Upon further inspection, while the clients are connecting I get traffic successfully passed from the router to the VPN server over port 1723, but after that initial transfer the network adapter (on the VPN server) doesn't show any more traffic and eventually the VPN connection times out after 3-4 seconds.

I'm thinking this is GRE, but I've referred to and everything seems to be OK.


I'm using the exact same settings for both the LAN VPN client (not on the same server, a different Hyper-V host on the same VLAN) and the external VPN client; one works, the other doesn't. If it makes any difference, I'm using tagged VLAN for the router and the switch. I can of course ping from the router to the VPN server.


Config for the remote support network on the 877W (using VLAN 1 because it has a max of 4 VLANs; will be replacing this router with an 891W soon). I'm not using the zone-based firewall because it's all connected to a TMG firewall and the VPN server is also a TMG firewall.


interface FastEthernet3
 description Remote Support VPN Interface
 switchport access vlan 13
 switchport trunk allowed vlan 1,13,1002-1005
 switchport mode trunk
interface Vlan13
 description VPN Interface
 ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip virtual-reassembly
 ip tcp adjust-mss 1412
interface Dialer1
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname eircom
 ppp chap password 7 06041D2E4D4A0B180B1343
 ppp ipcp dns request
 ppp ipcp route default
 ppp ipcp address accept
ip nat inside source static tcp 80 interface Dialer1 80
ip nat inside source static tcp 443 interface Dialer1 443 (send incoming web traffic to the TMG Server)
ip nat inside source static tcp 1723 interface Dialer1 1723 (send incoming PPTP to the dedicated remote support network)
ip nat inside source list 101 interface Dialer1 overload
ip route Dialer1
ip route BVI1 permanent (Access the internal severnet through the clientnet)
ip radius source-interface BVI1
no logging trap
access-list 101 remark DialerList
access-list 101 permit gre any any
access-list 101 permit ip any any
access-list 101 permit udp any any
access-list 101 permit icmp any any
access-list 101 permit igmp any any
access-list 101 permit tcp any any
access-list 101 permit tcp any any eq 1723
access-list 101 permit gre any host log
access-list 101 permit tcp any eq 1723 host eq 1723 log
dialer-list 101 protocol ip permit
no cdp run
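
One way to test the GRE suspicion raised in the post is to capture on the VPN server's adapter and check whether anything other than the TCP 1723 control channel arrives. The following is an added example, not part of the original post: the function names, the documentation-range addresses and the sample packets are all constructed for illustration.

```python
import struct

PPTP_CONTROL_PORT = 1723          # TCP control channel (RFC 2637)
IPPROTO_TCP, IPPROTO_GRE = 6, 47  # IP protocol numbers
PPTP_GRE_PROTO = 0x880B           # protocol type in PPTP's enhanced GRE header

def classify(packet: bytes) -> str:
    """Return 'control', 'gre' or 'other' for one raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "other"
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    proto, payload = packet[9], packet[ihl:]
    if proto == IPPROTO_TCP and len(payload) >= 4:
        sport, dport = struct.unpack("!HH", payload[:4])
        if PPTP_CONTROL_PORT in (sport, dport):
            return "control"
    if proto == IPPROTO_GRE and len(payload) >= 4:
        flags_ver, ptype = struct.unpack("!HH", payload[:4])
        if flags_ver & 0x0007 == 1 and ptype == PPTP_GRE_PROTO:  # GRE version 1
            return "gre"
    return "other"

def diagnose(packets) -> str:
    """Summarise which PPTP channels were seen in a list of raw IPv4 packets."""
    counts = {"control": 0, "gre": 0, "other": 0}
    for p in packets:
        counts[classify(p)] += 1
    if counts["control"] and not counts["gre"]:
        return "control channel only: GRE (IP protocol 47) never reached this interface"
    if counts["control"] and counts["gre"]:
        return "control and GRE both seen"
    return "no PPTP traffic seen"

def ipv4(proto, src, dst, payload):
    """Build a minimal IPv4 packet (checksum left zero) for the constructed samples."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0, bytes(src), bytes(dst))
    return header + payload

# Constructed sample packets (documentation addresses, not from the post)
CLIENT, SERVER = (203, 0, 113, 10), (192, 0, 2, 5)
tcp_syn = struct.pack("!HHIIBBHHH", 50000, 1723, 1, 0, 0x50, 0x02, 8192, 0, 0)
gre_hdr = struct.pack("!HHHH", 0x2001, PPTP_GRE_PROTO, 0, 1)  # K bit set, version 1
WAN_CAPTURE = [ipv4(IPPROTO_TCP, CLIENT, SERVER, tcp_syn)]
LAN_CAPTURE = WAN_CAPTURE + [ipv4(IPPROTO_GRE, CLIENT, SERVER, gre_hdr)]

if __name__ == "__main__":
    print("WAN client:", diagnose(WAN_CAPTURE))
    print("LAN client:", diagnose(LAN_CAPTURE))
```

Running the same check on captures from the working LAN client and the failing external client shows whether the two differ only in the GRE data channel.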
