Jonsie


Cisco 760 Series Commands

I am trying to allow access to external VPN servers from behind my Cisco 761. But am having difficulties. I believe that certain ports are blocked, including those required for VPN.

Would someone specify the commands needed in order to unblock these ports? Your help will be greatly appreciated.

Thanks Chris Jones
geoffryn

It depends on the type of VPN you are trying to use.  PPTP?  IPSEC?  Are you NATing with the Cisco?
Jonsie

ASKER

Yes, the Cisco router is NATing. I would prefer to use IPSEC, but it doesn't matter greatly as it is a Windows 2000 to Small Business Server link and I believe that both protocols are supported.
Geoffryn - you may want to read here:

https://www.experts-exchange.com/routerswitch/Q.20295984.html

Jonsie - Couple things here:

Like I said in your other question, routers don't block ports by default and should allow everything to pass.  I seriously doubt this is the issue.  However, you may want to just post up the config and we can take a look at it.  This is one of the least used and least known routers Cisco ever bought and resold, so giving you the commands may not be as easy as just looking through the config and seeing if anything looks unusual.
Jonsie

ASKER

L0239628> show ip filter all
IP Type Filter
Profile               ID   Dir  Type     Action  Addresses
----------------------------------------------------------
Standard              1    OUT  UDP      IGNORE  DST 0.0.0.0/0:137-139
Standard              2    OUT  TCP      IGNORE  DST 0.0.0.0/0:137
LAN                   1    IN   UDP      BLOCK   SRC 0.0.0.0/0:137-138
LAN                   2    IN   TCP      BLOCK   SRC 0.0.0.0/0:139
RemoteNet             1    IN   UDP      BLOCK   SRC 0.0.0.0/0:137-138
RemoteNet             2    IN   TCP      BLOCK   SRC 0.0.0.0/0:139
RemoteNet             3    OUT  UDP      IGNORE  DST 0.0.0.0/0:137-139
RemoteNet             4    OUT  TCP      IGNORE  DST 0.0.0.0/0:137

IP Generic Filter
Profile               ID   Dir  Type     Action  Patterns
---------------------------------------------------------


****

L0239628> show
System Parameters
    Environment
      Screen Length          20
      Echo Mode              ON
      CountryGroup           2
    Bridging Parameters
      LAN Forward Mode       ANY
      WAN Forward Mode       ONLY
      Address Age Time       OFF
    Call Startup Parameters
      Multidestination       OFF
    Line Parameters
      Switch Type            NET3
      Alaw Voice Encoding    ON
      Internal Tones         NONE
    Call Parameters          Link 1             Link 2             Link D
      Retry Delay              30                 30
      Serial Port State      CONFIG

<Q> and <enter> to Quit or <enter> for MORE
Profile Parameters
    Bridging Parameters
      Bridging               ON
      Routed Protocols       IP
      Learn Mode             ON
      Passthru               ON
    Call Startup Parameters
    Line Parameters
      Line Speed             AUTO
      Numbering Plan         NORMAL
    Call Parameters          Link 1             Link 2             Link D
      Auto                     ON                 ON                OFF
      Permanent               OFF                OFF                OFF
      Called Number
      Backup Number
      Ringback Number
      CLI Validate Number
    CLICallback              OFF
    CLIAuthentication        OFF
<Q> and <enter> to Quit or <enter> for MORE

Status    01/06/1995 02:13:59
Line Status
  Line Activated
  Terminal Identifier Assigned
Port Status                                           Interface Connection Link
  Ch:  1   64K Call In Progress         08440404002    DATA          2      1
  Ch:  2      Waiting for Call
L0239628>


*****


L0239628> upload
CD
SET SCREENLENGTH 20
SET COUNTRYGROUP 2
SET LAN MODE ANY
SET WAN MODE ONLY
SET AGE OFF
SET MULTIDESTINATION OFF
SET SWITCH NET3
SET ALAWVOICE ON
SET INTERNALTONES NONE
SET 1 DELAY 30
SET 2 DELAY 30
SET BRIDGING ON
SET LEARN ON
SET PASSTHRU ON
SET SPEED AUTO
SET PLAN NORMAL
SET D   AUTO OFF
SET 1 AUTO ON
SET 2 AUTO ON
SET 1 NUMBER
SET 2 NUMBER
SET AODI OFF
SET 1 BACKUPNUMBER
SET 2 BACKUPNUMBER
SET 1 RINGBACK
SET 2 RINGBACK
SET 1 CLIVALIDATENUMBER
SET 2 CLIVALIDATENUMBER
SET CLICALLBACK OFF
SET CLIAUTHENTICATION OFF
SET SYSTEMNAME L0239628
LOG CALLS TIME VERBOSE
SET UNICASTFILTER OFF
DEMAND D THRESHOLD 0
DEMAND 1 THRESHOLD 0
DEMAND 2 THRESHOLD 48
DEMAND D DURATION 1
DEMAND 1 DURATION 1
DEMAND 2 DURATION 1
DEMAND D SOURCE LAN
DEMAND 1 SOURCE LAN
DEMAND 2 SOURCE BOTH
TIMEOUT D THRESHOLD 0
TIMEOUT 1 THRESHOLD 0
TIMEOUT 2 THRESHOLD 48
TIMEOUT D DURATION 1800
TIMEOUT 1 DURATION 1800
TIMEOUT 2 DURATION 1800
TIMEOUT D SOURCE LAN
TIMEOUT 1 SOURCE LAN
TIMEOUT 2 SOURCE BOTH
SET AOCDTIMEOUT OFF
SET REMOTEACCESS PROTECTED
SET LOCALACCESS ON
SET LOGOUT 20
SET CALLERID OFF
SET PPP AUTHENTICATION IN CHAP  PAP
SET PPP CHAPREFUSE NONE
SET PPP CHAPALLOW MULTIHOST OFF
SET PPP MAGICNUMBERCHECK ON
SET PPP AUTHENTICATION OUT NONE
SET PPP AUTHENTICATION ACCEPT EITHER
SET PPP TAS CLIENT 0.0.0.0
SET PPP TAS CHAPSECRET LOCAL ON
SET PPP PASSWORD CLIENT ENCRYPTED 1442342e5d210c0806
SET PPP SECRET CLIENT ENCRYPTED 15472d29550f0d070a
SET PPP PASSWORD HOST ENCRYPTED 124c2332432e2a2708
SET PPP SECRET HOST ENCRYPTED 055e202a7069682a3b
SET PPP CALLBACK REQUEST OFF
SET PPP CALLBACK REPLY OFF
SET PPP NEGOTIATION INTEGRITY 10
SET PPP NEGOTIATION COUNT 10
SET PPP NEGOTIATION RETRY  3000
SET PPP TERMREQ COUNT 2
SET PPP MULTILINK OFF
SET PPP MULTILINK PPPHEADER ON
SET COMPRESSION STAC
SET PPP BACP ON
SET PPP ADDRESS NEGOTIATION LOCAL OFF
SET PPP IP NETMASK LOCAL OFF
SET IP PAT UDPTIMEOUT 5
SET IP PAT TCPTIMEOUT 30
SET IP RIP TIME 30
SET X25 LIC 0
SET X25 HIC 0
SET X25 LTC 0
SET X25 HTC 0
SET X25 LOC 1024
SET X25 HOC 1024
SET CALLDURATION 0
SET SNMP CONTACT ""
SET SNMP LOCATION ""
SET SNMP TRAP COLDSTART OFF
SET SNMP TRAP WARMSTART OFF
SET SNMP TRAP LINKDOWN OFF
SET SNMP TRAP LINKUP OFF
SET SNMP TRAP AUTHENTICATIONFAIL OFF
SET DHCP OFF
SET DHCP DOMAIN
SET DHCP NETBIOS_SCOPE
SET TPAD PARITY NONE
SET X25D TEI 0
SET X25D X121HOST
SET CALLTIME VOICE INCOMING OFF
SET CALLTIME VOICE OUTGOING OFF
SET CALLTIME DATA INCOMING OFF
SET CALLTIME DATA OUTGOING OFF
SET RCAPI ON
SET RCAPI SERVER PORT 2578
SET USER LAN
SET BRIDGING OFF
SET IP ROUTING ON
SET IP ADDRESS 10.0.0.1
SET IP NETMASK 255.0.0.0
SET IP FRAMING ETHERNET_II
SET IP PROPAGATE ON
SET IP COST 1
SET IP RIP RECEIVE V1
SET IP RIP UPDATE OFF
SET IP RIP VERSION 1
SET USER Internal
SET IP ROUTING OFF
SET IP ADDRESS 0.0.0.0
SET IP FRAMING ETHERNET_II
SET USER Standard
SET PROFILE ID 000000000000
SET PROFILE POWERUP ACTIVATE
SET PROFILE DISCONNECT KEEP
SET IP ROUTING ON
SET IP ADDRESS 0.0.0.0
SET IP NETMASK 0.0.0.0
SET IP FRAMING NONE
SET IP RIP RECEIVE V1
SET IP RIP UPDATE OFF
SET IP RIP VERSION 1
SET NETBIOS FILTER ON
SET USER RemoteNet
SET PROFILE ID 000000000000
SET PROFILE POWERUP ACTIVATE
SET PROFILE DISCONNECT KEEP
SET BRIDGING OFF
SET 1 NUMBER 08440404002
SET 2 NUMBER 08440404002
TIMEOUT 1 THRESHOLD 20
TIMEOUT 2 THRESHOLD 48
TIMEOUT 1 DURATION 360
TIMEOUT 2 DURATION 60
TIMEOUT 1 SOURCE BOTH
TIMEOUT 2 SOURCE BOTH
SET PPP ADDRESS NEGOTIATION LOCAL ON
SET IP ROUTING ON
SET IP ADDRESS 213.122.226.229
SET IP NETMASK 255.255.255.0
SET IP FRAMING NONE
SET IP PROPAGATE ON
SET IP COST 1
SET IP RIP RECEIVE V1
SET IP RIP UPDATE OFF
SET IP RIP VERSION 1
SET IP PAT  ON
SET NETBIOS FILTER ON
SET IP ROUTE DEST 0.0.0.0/0 GATEWAY 0.0.0.0 PROPAGATE ON COST 1
CD
SET SERIALPORT CONFIG
LOGOUT
L0239628>


Hope this helps... do you need any other info?
Thanks scraig84, I didn't realize there was another thread on this.


Jonsie.  The chances are that this device requires a one to one NAT in order to properly pass GRE packets.  The symptoms in the other thread are usually indicative of connecting on the control port 1723 but then failing to properly pass GRE packets.
Jonsie

ASKER

Would this not then mean that only one PC will have direct access to the outside world?
No.  GRE is a strange animal.  It is not a TCP or UDP port level service, it is a type of IP packet.  On most Cisco IOS implementations of NAT, it requires that a static association be made between the private and public IP for GRE.  The one to one association need only apply to GRE packets.
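
An added example, not part of any poster's reply: the type-filter table from the `show ip filter all` output above, parsed and checked against the flows a PPTP or IPsec client needs. The VPN flow list uses the standard port and protocol numbers, the function names are illustrative, and matching is by protocol type and port only (every rule on the page uses 0.0.0.0/0, so the address never narrows a match).

```python
import re

# Rows copied from the `show ip filter all` output posted in this thread.
FILTER_TABLE = """\
Standard              1    OUT  UDP      IGNORE  DST 0.0.0.0/0:137-139
Standard              2    OUT  TCP      IGNORE  DST 0.0.0.0/0:137
LAN                   1    IN   UDP      BLOCK   SRC 0.0.0.0/0:137-138
LAN                   2    IN   TCP      BLOCK   SRC 0.0.0.0/0:139
RemoteNet             1    IN   UDP      BLOCK   SRC 0.0.0.0/0:137-138
RemoteNet             2    IN   TCP      BLOCK   SRC 0.0.0.0/0:139
RemoteNet             3    OUT  UDP      IGNORE  DST 0.0.0.0/0:137-139
RemoteNet             4    OUT  TCP      IGNORE  DST 0.0.0.0/0:137
"""

# Assumption: standard assignments. GRE and ESP are IP protocols, so they
# carry no TCP/UDP port for a port-based rule to match.
VPN_FLOWS = [
    ("PPTP control", "TCP", 1723),
    ("PPTP data (GRE, IP proto 47)", "GRE", None),
    ("IKE", "UDP", 500),
    ("IPsec ESP (IP proto 50)", "ESP", None),
]

ROW = re.compile(r"^(\S+)\s+(\d+)\s+(IN|OUT)\s+(\S+)\s+(\S+)\s+"
                 r"(SRC|DST)\s+(\S+?):(\d+)(?:-(\d+))?$")

def parse_filters(text):
    """Turn each table row into a dict; non-matching lines are skipped."""
    rules = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            profile, rid, direction, proto, action, side, net, lo, hi = m.groups()
            rules.append(dict(profile=profile, id=int(rid), dir=direction,
                              proto=proto, action=action, side=side, net=net,
                              lo=int(lo), hi=int(hi or lo)))
    return rules

def rules_touching(rules, proto, port):
    """Rules whose type and port range cover the flow.
    A portless protocol (GRE, ESP) can never be covered by a TCP/UDP rule."""
    return [r for r in rules if r["proto"] == proto
            and port is not None and r["lo"] <= port <= r["hi"]]

def audit(text=FILTER_TABLE):
    """Map each VPN flow to the filter rules that would apply to it."""
    rules = parse_filters(text)
    return {name: rules_touching(rules, proto, port)
            for name, proto, port in VPN_FLOWS}
```

Every entry returned by `audit()` is an empty list: the posted rules cover only NetBIOS ports 137-139, and none of them can match GRE or ESP traffic.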
Jonsie

ASKER

That's great, how do I do this though?
Jonsie

ASKER

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_fix/750/700cr44/700crip.htm#xtocid554917

pretty sure the relevant information is under "set ip filter ...." or "set ip pat porthandler" although I'm not totally sure of the usage for my specific problem.

Hope you guys can make more sense out of it.
I cannot find any indication that this device has any ability to deal with GRE in a NAT configuration.
Jonsie

ASKER

hmmmm... do both IPSec AND PPTP use GRE??? I don't mind which I use.
Yes.  IPSEC is even more picky about NAT than PPTP.  What version of the "IOS" is on the 761?
Jonsie

ASKER

All version Information

L0239628> version
Software Version c760-in.rxd.NET3 4.4(3) - Aug  2 2000 14:15:00
Cisco 761
ISDN Stack Revision NET3 2.10
Copyright (c) 1993-2000 by Cisco Systems, Inc.  All rights reserved.
Software is used subject to software license agreement contained
with this product. By using this product you agree to accept the
terms of the software license.
Hardware Configuration:
   DRAM:  1.5MB
   Flash: 1.0MB
   POTS:  Not Installed
   NT1:   Not Installed
   ROM:   2.1(2)
L0239628>
ASKER CERTIFIED SOLUTION
geoffryn

Jonsie

ASKER

Geoffryn. Although no solution was found you were a fantastic help in solving my problem. Will be replacing router in due course! May even kick me into moving from ISDN to Broadband.

Thanks Again
I wish I could have been more encouraging.
Hell - as soon as you mentioned 761 my first thought was that a different router would be best!  That has always sort of been the bastard-step-child router from Cisco.  Sort of a "whoops, we bought a crappy company this time" deal.
Jonsie

ASKER

Yeah, it has been a nightmare since I first got it. Unfortunately it was supplied tied in with a deal with an ISP. Never mind, thanks for your help guys.