CISCO 877 - VPN pass through (ip 47-GRE) and port forwarding (TCP 1723)

HELP! Got a CISCO 877 Box with IOS Version 12.4.
For the life of me I cannot get the VPN to pass through. I can do it with NAT 1-1 but not with the access lists.
WAN: Cisco 877 ADSL Bridged
LAN: Linux VPN PPTP Server, Mac OS 10 FTP and Web Server, and MS Exchange for Mail.
I need to forward other ports to other servers which is why NAT 1-1 is not good for me.

This is my current basic configuration file without the access lists:

!
version 12.4
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
!
hostname cisco
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$asdO7/$$Pzsf&$oJjail$$TotX9.
!
no aaa new-model
!
resource policy
!
clock summer-time ACST recurring last Sun Oct 2:00 last Sun Mar 2:00
ip subnet-zero
no ip source-route
ip cef
no ip dhcp use vrf connected


!
!
username cisco privilege 15 secret 5 mdf$mL$d6df369eLgfY1G1fg$hjhWQ.
!
!
!
bridge irb
!
!
interface ATM0
 description --- ADSL to Internet ---
 no ip address
 no ip mroute-cache
 no atm ilmi-keepalive
 pvc 8/35
  encapsulation aal5snap
  protocol ip inarp
 !
 dsl operating-mode itu-dmt
 bridge-group 1
 hold-queue 224 in
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
 ip address 10.10.12.50 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface BVI1
 description --- Bridging Interface ---
 ip address 203.194.32.133 255.255.255.252
 ip nat outside
 ip virtual-reassembly
!
ip classless
ip route 0.0.0.0 0.0.0.0 203.194.32.132
!
no ip http server
no ip http secure-server
ip nat inside source list 101 interface BVI1 overload
!
access-list 1 remark SDM_ACL Category=1
access-list 1 permit 10.10.12.96
access-list 101 remark SDM_ACL Category=18
access-list 101 permit ip 10.10.0.0 0.0.0.255 any
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 login local
!
scheduler max-task-time 5000
end

Any assistance appreciated.

Thank you
Arthur_Mino Asked:
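
Added example, not part of the original thread: a Python check for one thing worth verifying in a configuration like the one posted above, namely that the ACL behind `ip nat inside source list ... overload` covers the subnet of every `ip nat inside` interface. The sample input is a constructed excerpt that reuses the addresses from the posted configuration, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed excerpt: only the NAT-relevant lines, with the addresses from the posted configuration.
SAMPLE_CONFIG = """\
interface Vlan1
 ip address 10.10.12.50 255.255.255.0
 ip nat inside
!
interface BVI1
 ip address 203.194.32.133 255.255.255.252
 ip nat outside
!
ip nat inside source list 101 interface BVI1 overload
access-list 101 permit ip 10.10.0.0 0.0.0.255 any
"""

def inside_networks(config):
    """Return {interface: network} for every interface marked 'ip nat inside'."""
    nets = {}
    for block in re.split(r"(?m)^(?=interface )", config):
        name = re.match(r"interface (\S+)", block)
        addr = re.search(r"(?m)^ ip address (\S+) (\S+)", block)
        if name and addr and re.search(r"(?m)^ ip nat inside\s*$", block):
            nets[name.group(1)] = ipaddress.ip_interface("/".join(addr.groups())).network
    return nets

def pat_acl_networks(config):
    """Source networks permitted by the ACL behind each 'ip nat inside source list N ... overload'."""
    nets = []
    for acl in re.findall(r"(?m)^ip nat inside source list (\d+) interface \S+ overload", config):
        pattern = rf"(?m)^access-list {acl} permit (?:ip )?(\d+\.\d+\.\d+\.\d+)(?: (\d+\.\d+\.\d+\.\d+))?"
        for base, wildcard in re.findall(pattern, config):
            # Invert the Cisco wildcard into a netmask; no wildcard means a single host.
            # Simplification: 'any', 'host x' and non-contiguous wildcards are not handled.
            inverted = int(ipaddress.IPv4Address(wildcard or "0.0.0.0")) ^ 0xFFFFFFFF
            netmask = ipaddress.IPv4Address(inverted)
            nets.append(ipaddress.ip_network(f"{base}/{netmask}", strict=False))
    return nets

def uncovered_inside_networks(config):
    """Inside networks that no overload ACL entry fully covers (not matched by the PAT rule)."""
    acl_nets = pat_acl_networks(config)
    return {ifname: net for ifname, net in inside_networks(config).items()
            if not any(net.subnet_of(acl) for acl in acl_nets)}

if __name__ == "__main__":
    for ifname, net in uncovered_inside_networks(SAMPLE_CONFIG).items():
        print(f"{ifname}: {net} is not matched by the overload ACL")
```

On the sample, the wildcard `0.0.0.255` applied to `10.10.0.0` matches only 10.10.0.x, so the 10.10.12.0/24 network on Vlan1 is reported as uncovered.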
stressedout2004 Commented:
Hmmmm... I don't know if the type of VPN server makes a difference, but you should be able to pass through PPTP without having to add any additional configuration. Prior to 12.1(4)T, you need a one-to-one mapping for PPTP to work. But then the feature called NAT—Support for PPTP in an Overload (Port Address Translation) came in, which allows you to establish multiple PPTP connections using PAT. See the following documents:

Configuring PPTP Through PAT to a Microsoft PPTP Server
http://www.cisco.com/en/US/tech/tk827/tk369/technologies_configuration_example09186a00800949c0.shtml

NAT—Support for PPTP in an Overload (Port Address Translation) Configuration
http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/prod_bulletin09186a0080091abd.html#wp45349

You are already running 12.4, so that should work just fine unless they made some changes on the 12.4 code. Do you by any means have a valid CCO account? You can use the Feature Navigator tool at Cisco's support page to see if the feature set you have on your router supports this functionality.

Arthur_Mino Author Commented:
G'day StressedOut2004,

Sorry for the late reply. But yeah, it did work automatically.
I think forcing GRE rules into 12.4 NAT is a bad idea!

Once I got that working everything fell into place.

Do you find the CISCO 877 takes about 3 to 5 minutes to come up online? Is that normal?


Cheers,

Arthur
stressedout2004 Commented:
Meaning when you reboot it?
Arthur_Mino Author Commented:
yeah!
I know for example my Cyberguard takes less than a minute.
Not sure why?

Cheers,

Arthur