Solved

Cisco Access List, VPN, Microsoft VPN Server

Posted on 2004-10-18
Last Modified: 2012-06-21
Currently have an 837H ADSL Router with an access-list configured as follows:

access-list 100 permit tcp any host 202.72.156.58 established
access-list 100 deny ip 222.101.168.0 0.0.0.255 any
access-list 100 deny ip 10.0.0.0 0.255.255.255 any
access-list 100 deny ip 172.16.0.0 0.15.255.255 any
access-list 100 deny ip 192.168.0.0 0.0.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 deny ip 224.0.0.0 0.255.255.255 any
access-list 100 deny ip 255.0.0.0 0.255.255.255 any
access-list 100 deny ip host 0.0.0.0 any
access-list 100 permit udp any host 202.72.156.58 eq domain
access-list 100 permit tcp host 139.130.4.5 host 202.72.156.58 eq domain
access-list 100 permit udp host 202.72.191.199 eq domain 202.72.156.56 0.0.0.7
access-list 100 permit udp host 202.72.191.199 eq domain host 202.72.146.169
access-list 100 permit udp host 203.10.1.9 eq domain 202.72.156.56 0.0.0.7
access-list 100 permit udp host 203.10.1.9 eq domain host 202.72.146.169
access-list 100 permit tcp any host 202.72.156.58 eq smtp
access-list 100 permit tcp any host 202.72.156.58 eq pop3
access-list 100 permit tcp any host 202.72.156.58 eq www
access-list 100 permit tcp any host 202.72.156.58 eq 4056
access-list 100 permit gre any host 202.72.156.58
access-list 100 permit tcp any host 202.72.156.58 eq 1725
access-list 100 permit icmp any host 202.72.156.58 echo-reply
access-list 100 permit icmp any host 202.72.146.169 echo-reply
access-list 100 deny   ip any host 202.72.156.58
access-list 100 deny   ip any host 202.72.146.169
access-list 100 permit ip any any

OK, so everything works fine. It is applied to the incoming DIALER 1 interface, and I get a lot of hits on every access-list line except tcp 1725 and gre, and I don't know why.

Is there something wrong with the list?
Question by:markgrinceri

Accepted Solution

by: lrmoore earned 2000 total points
ID: 12338038
Perhaps because you need TCP Port 1723 vs 1725

Author Comment

by:markgrinceri
ID: 12338597
Sorry, big mistake on my behalf, I should have double-checked that.

Expert Comment

by:lrmoore
ID: 12338666
Sometimes we look at our own work so many times it just takes another pair of eyes to see ..

Glad to help!

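Added example (not part of the original thread, and not Cisco tooling): a minimal first-match evaluator in Python, run over a PPTP-relevant subset of the posted ACL, showing that a new inbound connection to TCP 1723 (the PPTP control port) skips the `eq 1725` entry and lands on the later deny. The probe source address 198.51.100.7 and all function names are assumptions; only the `eq` port operator is modelled and ICMP types are ignored.

```python
from ipaddress import IPv4Address as IP

# PPTP-relevant subset of access-list 100 from the question (order preserved).
ACL = """\
access-list 100 permit tcp any host 202.72.156.58 established
access-list 100 deny ip 10.0.0.0 0.255.255.255 any
access-list 100 permit tcp any host 202.72.156.58 eq www
access-list 100 permit gre any host 202.72.156.58
access-list 100 permit tcp any host 202.72.156.58 eq 1725
access-list 100 deny   ip any host 202.72.156.58
access-list 100 permit ip any any
"""
PORTS = {"domain": 53, "smtp": 25, "pop3": 110, "www": 80}

def take_addr(tok):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard)."""
    t = tok.pop(0)
    if t == "any":
        return 0, 0xFFFFFFFF
    return (int(IP(tok.pop(0))), 0) if t == "host" else (int(IP(t)), int(IP(tok.pop(0))))

def take_port(tok):
    """Consume an optional 'eq PORT'; None means any port."""
    if tok[:1] != ["eq"]:
        return None
    name = tok[1]
    del tok[:2]
    return PORTS.get(name) or int(name)

def parse(line):
    tok = line.split()[2:]  # drop 'access-list 100'
    rule = {"action": tok.pop(0), "proto": tok.pop(0)}
    rule["src"], rule["sport"] = take_addr(tok), take_port(tok)
    rule["dst"], rule["dport"] = take_addr(tok), take_port(tok)
    return dict(rule, established="established" in tok)

def addr_match(spec, addr):
    base, wild = spec  # wildcard bits set to 1 are "don't care"
    return (int(IP(addr)) | wild) == (base | wild)

def first_match(acl, proto, src, dst, sport=None, dport=None, new_conn=False):
    """Return (line number, action) of the first entry that matches, top down."""
    for n, line in enumerate(acl.strip().splitlines(), 1):
        r = parse(line)
        hit = (r["proto"] in ("ip", proto) and not (r["established"] and new_conn)
               and r["sport"] in (None, sport) and r["dport"] in (None, dport)
               and addr_match(r["src"], src) and addr_match(r["dst"], dst))
        if hit:
            return n, r["action"]
    return None, "deny"  # implicit deny ends every ACL
```

Pass `new_conn=True` for an initial SYN, which the `established` entry does not match; replacing `eq 1725` with `eq 1723` in `ACL` moves the same probe from the deny entry to the permit entry.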