swatsystems
asked on
Microsoft PPTP passthrough on Cisco 1841 IOS 12.4.19 Mainline Advanced IP Services
I have the above hardware / IOS, and everything is working perfectly with the exception of PPTP passthrough to a Microsoft VPN server. Here is what I have done.
ip nat source static 192.168.0.2 70.1.2.3 //add the nat
ip access-list extended fa0/0_in //inbound acl on public interface
 permit tcp any host 70.1.2.3 eq 1723
 permit gre any any
 deny ip any any log
interface fasteth 0/0
 ip address 70.1.2.4
 access-group fa0/0_in in
 no shutdown
I have many more NATs, and many more permits in the access list, and all other NATs and permits are working fine. When I do a show ip nat trans, it shows the GRE and the 1723 NATted correctly. If I remove the ACL, it still doesn't work. No traffic is being denied in the logs. The Windows client hangs on verifying username and password. The Windows server Event Viewer reports that the authentication timed out. The RRAS logs are enabled, but missing. And most importantly, when I connect to the VPN server from another site through a point-to-point T1, it works fine. My best guess is that it is something with GRE and this version of IOS, but none of the old GRE tricks work on this router.
Any ideas?
Best Regards,
Cory
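PPTP needs two flows through the router: the TCP 1723 control connection and the GRE (IP protocol 47) data channel. The Python sketch below is an added example, not part of the original post: it evaluates the posted ACL first-match for both flows against each static NAT address. All function names are hypothetical, and it assumes only `any`/`host` address forms and numeric `eq` ports.

```python
import re

# Constructed sample: the configuration lines from the question, comments removed.
SAMPLE_CONFIG = """\
ip nat source static 192.168.0.2 70.1.2.3
ip access-list extended fa0/0_in
 permit tcp any host 70.1.2.3 eq 1723
 permit gre any any
 deny ip any any log
"""

def static_nats(config):
    """Return {global_ip: local_ip} for 'ip nat [inside] source static' lines."""
    pat = re.compile(r"^ip nat (?:inside )?source static (\S+) (\S+)", re.M)
    return {g: l for l, g in pat.findall(config)}

def acl_entries(config, name):
    """Return the ordered, tokenised permit/deny lines of one extended named ACL."""
    entries, inside = [], False
    for line in config.splitlines():
        tok = line.split()
        if line.startswith("ip access-list extended "):
            inside = tok[-1] == name
        elif inside and tok and tok[0] in ("permit", "deny"):
            entries.append(tok)
        elif tok and not line.startswith(" "):
            inside = False  # next top-level command ends the ACL
    return entries

def _addr(tok, i):
    """Parse 'any' or 'host A.B.C.D' at tok[i] -> (address or None, next index)."""
    return (None, i + 1) if tok[i] == "any" else (tok[i + 1], i + 2)

def first_match(entries, proto, dst, port=None):
    """Action of the first entry matching a flow from an arbitrary client to dst."""
    for tok in entries:
        src, i = _addr(tok, 2)
        d, i = _addr(tok, i)
        eq = int(tok[i + 1]) if tok[i:i + 1] == ["eq"] else None
        # Entries tied to one source host do not cover an arbitrary client.
        if src is None and tok[1] in ("ip", proto) and d in (None, dst) and eq in (None, port):
            return tok[0]
    return "deny"  # implicit deny at the end of every IOS ACL

def pptp_audit(config, acl):
    """For each static NAT global address, the ACL verdict on both PPTP flows."""
    e = acl_entries(config, acl)
    return {g: {"control_tcp_1723": first_match(e, "tcp", g, 1723),
                "data_gre": first_match(e, "gre", g)} for g in static_nats(config)}
```

Calling `pptp_audit(SAMPLE_CONFIG, "fa0/0_in")` on the posted lines reports `permit` for both flows, which is consistent with the poster's observation that removing the ACL changes nothing.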
ASKER CERTIFIED SOLUTION
http://www.cisco.com/en/US/tech/tk827/tk369/technologies_configuration_example09186a00800949c0.shtml