

Problem connecting to remote VPN server when sat behind Cisco 1841 router

Posted on 2007-03-20
Medium Priority
Last Modified: 2008-03-03
Hi All,

This is the situation: the owner of our company is sat behind a Cisco 1841 router (firewall turned off), and he is trying to initiate a VPN connection to a server outside of our company.

In the way is our company firewall.

I have opened a rule in the firewall to allow access through to a certain address (the VPN server of the other company). I can see traffic passing through our firewall after meeting this rule.

However, he is getting a "verifying username and password" message and then it times out.

I have narrowed it down to the router. Has anyone else had this problem?

Here is an example of the router's config:

version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
hostname OFFICE
logging queue-limit 100
no logging buffered
enable secret 5 $1$SJ30$08lBzf7AVKDQswtBpmmLZ1
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
no ip cef
ip dhcp excluded-address 172.16.XXX.129 172.16.XXX.140
ip dhcp excluded-address 172.16.XXX.1 172.16.XXX.16
ip dhcp pool CLIENT
   import all
   network 172.16.XXX.128
   default-router 172.16.XXX.129
ip dhcp pool STAFF
   import all
   network 172.16.XXX.0
   default-router 172.16.XXX.1
   lease 2
no ip domain lookup
no ftp-server write-enable
interface FastEthernet0/0
 description Connection to the STAFF ethernet segment
 ip address 172.16.XXX.1
 ip access-group 10 out
 hold-queue 100 out

interface ATM0/0/0
 no ip address
 no atm ilmi-keepalive
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 dsl operating-mode auto
interface FastEthernet0/1
 description Connection to the CLIENT ethernet segment
 ip address 172.16.XXX.129
 ip access-group 10 out
 hold-queue 100 out

interface Dialer1
 ip address negotiated
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname OFFICE@A4EADSL.CO.UK
 ppp chap password 0 PASSPHRASE
 ppp pap sent-username OFFICE@A4EADSL.CO.UK password 0 PASSPHRASE
 ppp ipcp dns request
 ppp ipcp wins request
 hold-queue 224 in
ip classless
ip route Dialer1
ip http server
no ip http secure-server
access-list 10 permit 172.16.XXX.16
access-list 10 permit 172.16.XXX.0
access-list 10 deny   172.16.XXX.0
access-list 10 permit any
dialer-list 1 protocol ip permit
line con 0
 exec-timeout 120 0
 password 7 104D000A0618
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 exec-timeout 120 0
 password 7 14141B180F0B
 length 0
scheduler max-task-time 5000
Question by: A4eIT
LVL 10

Accepted Solution

Sorenson earned 1500 total points
ID: 18759079
What VPN client is he using? If it is a Cisco VPN client, be sure that the VPN server (firewall, router, PIX, ASA) has NAT traversal enabled (http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t13/ftipsnat.htm). If it is a Microsoft or PPTP VPN, he will need a static translation through the firewall (not a hide or global) and the firewall will need to allow PPTP ports back to that address.

Author Comment

ID: 18762503
Hi, sorry, it's a bog-standard Windows VPN connection.

Author Comment

ID: 18904199
Turned out to be a NAT problem. Thanks for the help anyway.
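
The accepted answer's PPTP point, as an added example (not code from the thread or its posters): PPTP uses a TCP/1723 control connection plus GRE (IP protocol 47) for the tunnel that carries PPP authentication, so a client that stalls at "verifying username and password" can have control traffic passing while GRE is dropped at the NAT or firewall. The `Flow` record format, the addresses and the `diagnose_pptp` name are constructed for illustration.

```python
# Added example: classify how far a PPTP session got from flow records.
# The record format and all addresses below are constructed for illustration.
from collections import namedtuple

Flow = namedtuple("Flow", "src dst proto sport dport")

TCP, GRE = 6, 47           # IP protocol numbers
PPTP_CONTROL_PORT = 1723   # PPTP control channel (TCP)

def diagnose_pptp(flows, client, server):
    """Return the stage at which the PPTP path between client and server breaks."""
    ctl_out = ctl_in = gre_out = gre_in = False
    for f in flows:
        outbound = (f.src, f.dst) == (client, server)
        inbound = (f.src, f.dst) == (server, client)
        if f.proto == TCP:
            ctl_out |= outbound and f.dport == PPTP_CONTROL_PORT
            ctl_in |= inbound and f.sport == PPTP_CONTROL_PORT
        elif f.proto == GRE:   # GRE carries no TCP/UDP ports to match on
            gre_out |= outbound
            gre_in |= inbound
    if not ctl_out:
        return "no-attempt"
    if not ctl_in:
        return "control-blocked"        # TCP/1723 replies never came back
    if not gre_out:
        return "gre-blocked-outbound"   # tunnel packets never left the site
    if not gre_in:
        return "gre-blocked-inbound"    # PPP authentication replies are lost
    return "ok"

# Constructed capture taken outside the firewall, so CLIENT is the translated address.
CLIENT, SERVER = "203.0.113.5", "198.51.100.10"
SAMPLE = [
    Flow(CLIENT, SERVER, TCP, 49152, 1723),   # control connection opens
    Flow(SERVER, CLIENT, TCP, 1723, 49152),   # control replies return
    Flow(CLIENT, SERVER, GRE, None, None),    # PPP negotiation goes out over GRE
]

if __name__ == "__main__":
    print(diagnose_pptp(SAMPLE, CLIENT, SERVER))
```

A result of `gre-blocked-inbound` with the control channel up is the pattern to check first against the static translation and the rule allowing PPTP traffic back to the client.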

Question has a verified solution.
