CISCO 877 - VPN pass through (ip 47-GRE) and port forwarding (TCP 1723)

HELP! Got a CISCO 877 box with IOS Version 12.4.
For the life of me I cannot get the VPN to pass through. I can do it with NAT 1-1 but not with the access lists.
WAN: Cisco 877 ADSL Bridged
LAN: Linux VPN PPTP Server, Mac OS 10 FTP and Web Server, and MS Exchange for Mail.
I need to forward other ports to other servers which is why NAT 1-1 is not good for me.

This is my current basic configuration file without the access lists:

!
version 12.4
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
!
hostname cisco
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$asdO7/$$Pzsf&$oJjail$$TotX9.
!
no aaa new-model
!
resource policy
!
clock summer-time ACST recurring last Sun Oct 2:00 last Sun Mar 2:00
ip subnet-zero
no ip source-route
ip cef
no ip dhcp use vrf connected


!
!
username cisco privilege 15 secret 5 mdf$mL$d6df369eLgfY1G1fg$hjhWQ.
!
!
!
bridge irb
!
!
interface ATM0
 description --- ADSL to Internet ---
 no ip address
 no ip mroute-cache
 no atm ilmi-keepalive
 pvc 8/35
  encapsulation aal5snap
  protocol ip inarp
 !
 dsl operating-mode itu-dmt
 bridge-group 1
 hold-queue 224 in
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
 ip address 10.10.12.50 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface BVI1
 description --- Bridging Interface ---
 ip address 203.194.32.133 255.255.255.252
 ip nat outside
 ip virtual-reassembly
!
ip classless
ip route 0.0.0.0 0.0.0.0 203.194.32.132
!
no ip http server
no ip http secure-server
ip nat inside source list 101 interface BVI1 overload
!
access-list 1 remark SDM_ACL Category=1
access-list 1 permit 10.10.12.96
access-list 101 remark SDM_ACL Category=18
access-list 101 permit ip 10.10.0.0 0.0.0.255 any
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 login local
!
scheduler max-task-time 5000
end

Any assistance appreciated.

Thank you
Arthur_MinoAsked:
 
stressedout2004Commented:
Hmmmm... I don't know if the type of VPN server makes a difference, but you should be able to pass through PPTP without having to add any additional configuration. Prior to 12.1(4)T, you need a one-to-one mapping for PPTP to work. But then the feature called NAT—Support for PPTP in an Overload (Port Address Translation) came in, which allows you to establish multiple PPTP connections using PAT. See the following documents:

Configuring PPTP Through PAT to a Microsoft PPTP Server
http://www.cisco.com/en/US/tech/tk827/tk369/technologies_configuration_example09186a00800949c0.shtml

NAT—Support for PPTP in an Overload (Port Address Translation) Configuration
http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/prod_bulletin09186a0080091abd.html#wp45349

You are already running 12.4, so that should work just fine unless they made some changes on the 12.4 code. Do you by any means have a valid CCO account? You can use the Feature Navigator tool at Cisco's support page to see if the feature set you have on your router supports this functionality.
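A configuration sketch of what this answer describes, added here as an example and not taken from the thread or the linked Cisco documents: the posted PAT overload line stays as it is, a static TCP 1723 forward to the PPTP server is the only VPN-specific entry, and GRE (IP protocol 47) gets no rule of its own. The inside addresses 10.10.12.10 to 10.10.12.12 are constructed placeholders, since the thread does not give the servers' addresses.

```cisco
! Added example. Inside host addresses are constructed placeholders.
! Existing PAT rule from the posted configuration (unchanged):
ip nat inside source list 101 interface BVI1 overload
!
! PPTP control channel to the Linux PPTP server (placeholder 10.10.12.10).
! No static entry for GRE (IP protocol 47): NAT follows the PPTP session
! it sees on TCP 1723 and translates the matching GRE traffic.
ip nat inside source static tcp 10.10.12.10 1723 interface BVI1 1723
!
! Other services stay on their own servers, one forwarded port each.
! FTP and web on the Mac OS server (placeholder 10.10.12.11):
ip nat inside source static tcp 10.10.12.11 21 interface BVI1 21
ip nat inside source static tcp 10.10.12.11 80 interface BVI1 80
! SMTP on the Exchange server (placeholder 10.10.12.12):
ip nat inside source static tcp 10.10.12.12 25 interface BVI1 25
!
! Verify from exec mode after a client connects:
!   show ip nat translations
```

Unlike a 1-1 mapping, this leaves only the listed ports on each server reachable from the outside interface.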
 
Arthur_MinoAuthor Commented:
G'day StressedOut2004,

Sorry for the late reply. But yeah, it did work automatically.
I think forcing GRE rules into 12.4 NAT is a bad idea!

Once I got that working everything fell into place.

Do you find the CISCO 877 takes about 3 to 5 minutes to come up online? Is that normal?


Cheers,

Arthur
 
stressedout2004Commented:
Meaning when you reboot it?
 
Arthur_MinoAuthor Commented:
Yeah!
I know for example my Cyberguard takes less than a minute.
Not sure why?

Cheers,

Arthur
Question has a verified solution.