xaero_cool
asked on
HI i have a Cisco 800 series router, it seems to be blocking a pptp connection going through it. HELP worth 500?
Hi
I have a cisco 800 series router. I'm trying to connect to a server behind it, though a microsoft pptp client. But the router doesn't allow it. It gets to the registering computer on network stage after verifying user name and password then bugs out and says server could not allocate an IP address. I read on the net somewhere that pptp and the cisco router both use GRE or something, they apartently conflict or something. Is there an access list or something i can setup to allow protocol access for GRE.
Or another solution if this is complete crap?
Thanks
Xaero
I have a cisco 800 series router. I'm trying to connect to a server behind it, though a microsoft pptp client. But the router doesn't allow it. It gets to the registering computer on network stage after verifying user name and password then bugs out and says server could not allocate an IP address. I read on the net somewhere that pptp and the cisco router both use GRE or something, they apartently conflict or something. Is there an access list or something i can setup to allow protocol access for GRE.
Or another solution if this is complete crap?
Thanks
Xaero
Xaero,
I ran into a similar situation before and it turned out to be that the DHCP service was not running on the server.
-Don
I ran into a similar situation before and it turned out to be that the DHCP service was not running on the server.
-Don
ASKER
I'm using the command line interface, and the DHCP is enabled becasue i can connect using a cisco VPN client and it works perfectly but pptp doesn't.
Any ideas?
Xaero
Any ideas?
Xaero
Have Cisco Router, was in the news, may be pertinent
http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml
You need to do a "one to one" NAT translation to use PPTP through your router. Yes, its because of the GRE protocol PPTP uses. If you don't have a second public IP address to do a "one to one" NAT, you will need to look at a different solution. What about using L2TP instead of PPTP? You should then be able to forward TCP port 1701 and UDP port 500 to the VPN server.
ASKER
whats the command lines i would use to do the one to one NAT?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Is there any other way if i didn't have a spare Ip address, and when you say spare i have a patch panel with a number of IP addresses which are all behind a router. The have extrenal access but through the router or do u mean an extra IP address on the same level as the router?
You would need another IP address from your ISP. A routable, public IP address like the one assigned to the outside interface of your router, not an internal, private IP address.
What are you using to configure the router? The CLI?
Cheers,
IceRaven