Cisco 1720 VPN w/ Win2K Server

PLAlanPack asked
Last Modified: 2010-04-17
Hello. I'm trying to make it so we can connect to a VPN located on a server behind our Cisco 1720's firewall. I can connect to the VPN locally, so I know it is set up properly on the Windows 2000 server. I have a block of 12 IP addresses that I can assign to do this VPN, but I'm not sure what needs to be assigned to what. Currently we have two NICs on our W2K box, one getting its IP address from the router via DHCP and the other set statically to 192.168.1.150. Does this need to be changed? As you'll see below, I've attempted to open the PPTP port (1723) for traffic. I'm aware that it responds in GRE though. I just can't get it to let the GRE traffic out.

Here is our current Cisco config:

Building configuration...

Current configuration : 2070 bytes
!
version 12.2
no parser cache
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname [cut]
!
logging rate-limit console 10 except errors
no logging on
[cut for security]
!
memory-size iomem 25
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip domain-list *
ip domain-name [cut]
ip name-server 63.x.x.11
ip name-server 63.x.x.10
ip dhcp excluded-address 192.168.100.1 192.168.100.10
!
ip dhcp pool internal
   network 192.168.1.0 255.255.255.0
   domain-name [cut]
   default-router 192.168.1.1
   netbios-name-server 192.168.1.150
   netbios-node-type h-node
   dns-server 63.x.x.11 63.x.x.10
   lease 0 2
!
ip dhcp-server 10.10.10.1
no ip dhcp-client network-discovery
ip address-pool dhcp-proxy-client
appletalk routing
ipx routing 000d.28db.8c2e
!
!
!
interface Ethernet0
 ip address 209.x.x.146 255.255.255.240
 ip access-group 10 in
 ip nat outside
 no ip route-cache
 full-duplex
!
interface FastEthernet0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 no ip route-cache
 speed auto
 half-duplex
 appletalk address 0.133
 appletalk discovery
!
ip default-gateway 209.x.x.145
ip nat pool ext-net2 209.x.x.146 209.x.x.158 netmask 255.255.255.0
ip nat inside source list 10 interface Ethernet0 overload
ip nat inside source static tcp 192.168.1.150 1723 interface Ethernet0 1723
ip nat inside source static tcp 192.168.1.150 8080 interface Ethernet0 8080
ip nat inside source static tcp 192.168.1.150 80 interface Ethernet0 80
ip nat inside source static 192.168.1.150 209.x.x.157 <---- This is where I'm trying to do 1-1 nat with one of our unused IPs.
ip classless
ip route 0.0.0.0 0.0.0.0 209.197.59.145
no ip http server
!
access-list 1 permit 0.0.0.0 255.255.255.0
access-list 1 permit any
access-list 10 permit any
access-list 20 permit 192.168.1.150
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
!
!
!
!
line con 0
line aux 0
line vty 0 4
 password [cut]
 login
!
end

So if I understand this correctly, you are trying to VPN to the static NAT 209.x.x.157 ?

A couple things to remember here,

IPSec with AH enabled will not work behind a NAT, but it sounds like you are only using PPTP, which should be ok.


The static NAT should take precedence over the PAT configuration, so I don't think that is a problem.
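
To make the distinction between the static entries and the PAT entry concrete, here is an added example (not part of the original thread) that classifies the NAT statements from the posted config and reports which inside host is reachable on every protocol, GRE included. The function names are hypothetical, the syntax handled is only what appears in the post, and the ACL check is a simplification that does not track which interface an ACL is bound to.

```python
import re

# Constructed sample: NAT/ACL lines from the posted config (addresses redacted as on the page).
CONFIG = """\
interface Ethernet0
 ip access-group 10 in
 ip nat outside
ip nat inside source list 10 interface Ethernet0 overload
ip nat inside source static tcp 192.168.1.150 1723 interface Ethernet0 1723
ip nat inside source static tcp 192.168.1.150 8080 interface Ethernet0 8080
ip nat inside source static tcp 192.168.1.150 80 interface Ethernet0 80
ip nat inside source static 192.168.1.150 209.x.x.157
access-list 10 permit any
"""

PORT_FWD = re.compile(r"ip nat inside source static (tcp|udp) (\S+) \d+ (?:interface )?\S+ (\d+)$")
ONE_TO_ONE = re.compile(r"ip nat inside source static (\S+) (\S+)$")
OVERLOAD = re.compile(r"ip nat inside source list \S+ (?:interface|pool) \S+ overload$")

def classify_nat(config):
    """Return (kind, inside_host, what_is_translated) for each NAT statement."""
    rules = []
    for line in map(str.strip, config.splitlines()):
        if m := PORT_FWD.match(line):
            # Only this one TCP/UDP port is forwarded; GRE (IP protocol 47) is not.
            rules.append(("port-forward", m.group(2), f"{m.group(1)}/{m.group(3)}"))
        elif m := ONE_TO_ONE.match(line):
            # Whole-address mapping: every protocol and port, GRE included.
            rules.append(("one-to-one", m.group(1), "all protocols"))
        elif OVERLOAD.match(line):
            rules.append(("pat-overload", "list members", "outbound flows"))
    return rules

def unfiltered_acls(config):
    """ACL numbers whose only entries are 'permit any'."""
    entries = {}
    for num, rule in re.findall(r"^access-list (\d+) (.+)$", config, re.M):
        entries.setdefault(num, []).append(rule.strip())
    return {n for n, r in entries.items() if set(r) == {"permit any"}}

def fully_exposed(config):
    """One-to-one hosts when no inbound ACL, or only a permit-any ACL, is applied."""
    applied = set(re.findall(r"^\s*ip access-group (\d+) in$", config, re.M))
    if applied and not (applied & unfiltered_acls(config)):
        return []
    return [host for kind, host, _ in classify_nat(config) if kind == "one-to-one"]

if __name__ == "__main__":
    print(classify_nat(CONFIG), fully_exposed(CONFIG), sep="\n")
```

With the one-to-one entry in place and `access-list 10 permit any` applied inbound, every service on 192.168.1.150 is reachable from outside, not only PPTP, so the inbound ACL is the place to narrow that.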



Author commented:
Thanks. After doing this it took off.