Problem connecting to remote VPN server when sat behind Cisco 1841 router

Hi All,

This is the situation: the owner of our company is sat behind a Cisco 1841 router (firewall turned off), and he is trying to initiate a VPN connection to a server outside of our company.

In the way is our company firewall.

I have opened a rule in the firewall to allow access through to a certain address (the vpn server of the other company). I can see traffic passing through our firewall after meeting this rule.

However, he is getting a "verifying username and password" message and then it times out.

I have narrowed it down to the router. Has anyone else had this problem?

Here is an example of the router's config:


!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname OFFICE
!
boot-start-marker
boot-end-marker
!
logging queue-limit 100
no logging buffered
enable secret 5 $1$SJ30$08lBzf7AVKDQswtBpmmLZ1
!
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
no ip cef
!
!
ip dhcp excluded-address 172.16.XXX.129 172.16.XXX.140
ip dhcp excluded-address 172.16.XXX.1 172.16.XXX.16
!
ip dhcp pool CLIENT
   import all
   network 172.16.XXX.128 255.255.255.128
   default-router 172.16.XXX.129
   dns-server 192.168.8.18 192.168.10.13 192.168.4.5
!
ip dhcp pool STAFF
   import all
   network 172.16.XXX.0 255.255.255.128
   default-router 172.16.XXX.1
   dns-server 192.168.8.18 192.168.10.13 192.168.4.5
   lease 2
!
no ip domain lookup
!
no ftp-server write-enable
!
!
interface FastEthernet0/0
 description Connection to the STAFF ethernet segment
 ip address 172.16.XXX.1 255.255.255.128
 ip access-group 10 out
 half-duplex
 hold-queue 100 out
!
interface ATM0/0/0
 no ip address
 no atm ilmi-keepalive
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode auto
!
interface FastEthernet0/1
 description Connection to the CLIENT ethernet segment
 ip address 172.16.XXX.129 255.255.255.128
 ip access-group 10 out
 half-duplex
 hold-queue 100 out
!
interface Dialer1
 ip address negotiated
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname OFFICE@A4EADSL.CO.UK
 ppp chap password 0 PASSPHRASE
 ppp pap sent-username OFFICE@A4EADSL.CO.UK password 0 PASSPHRASE
 ppp ipcp dns request
 ppp ipcp wins request
 hold-queue 224 in
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http server
no ip http secure-server
!
access-list 10 permit 172.16.XXX.16
access-list 10 permit 172.16.XXX.0 0.0.0.15
access-list 10 deny   172.16.XXX.0 0.0.0.127
access-list 10 permit any
dialer-list 1 protocol ip permit
!
line con 0
 exec-timeout 120 0
 password 7 104D000A0618
 login
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 exec-timeout 120 0
 password 7 14141B180F0B
 login
 length 0
!
scheduler max-task-time 5000
!
control-plane
!
end
A4eIT Asked:

Sorenson Commented:
What VPN client is he using? If it is a Cisco VPN client, be sure that the VPN server (firewall, router, PIX, ASA) has NAT traversal enabled (http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t13/ftipsnat.htm). If it is a Microsoft, or PPTP VPN, he will need a static translation through the firewall (not a hide or global) and the firewall will need to allow PPTP ports back to that address.
A4eIT (Author) Commented:
Hi, sorry, it's a bog-standard Windows VPN connection.
A4eIT (Author) Commented:
Turned out to be a NAT problem. Thanks for the help anyway.
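
Added example, not part of the thread or any poster's code: a small Python check that reads a Cisco IOS-style config and reports the gaps Sorenson's answer describes for a PPTP (Windows VPN) client: no NAT at all, only hide/PAT instead of a static translation, and extended ACLs that never permit TCP 1723 or GRE. The function name `audit_pptp_path`, the two constructed sample configs and their documentation-range addresses are assumptions made for illustration; only the `POSTED` excerpt comes from the question.

```python
import re

# Excerpt of the config posted in the question (interface and ACL lines only).
POSTED = """\
interface FastEthernet0/0
 ip address 172.16.XXX.1 255.255.255.128
 ip access-group 10 out
interface Dialer1
 ip address negotiated
access-list 10 permit any
"""

# Constructed samples (documentation addresses, not from the thread).
HIDE_NAT = """\
interface FastEthernet0/0
 ip nat inside
interface Dialer1
 ip nat outside
ip nat inside source list 1 interface Dialer1 overload
access-list 101 permit tcp any host 203.0.113.10 eq 1723
"""
STATIC_NAT = HIDE_NAT.replace(
    "list 1 interface Dialer1 overload", "static 192.0.2.50 198.51.100.50"
) + "access-list 101 permit gre any host 203.0.113.10\n"


def audit_pptp_path(config, client_ip):
    """List gaps that stop a PPTP client at client_ip from getting through this device.

    Simplification: ACL entries are matched individually; order and denies are ignored.
    """
    lines = [l.strip() for l in config.splitlines()]
    findings = []
    for side in ("inside", "outside"):
        if f"ip nat {side}" not in lines:
            findings.append(f"no interface marked 'ip nat {side}'")
    rules = [l for l in lines if l.startswith("ip nat inside source ")]
    if not rules:
        findings.append("no 'ip nat inside source' rule")
    elif not any(l.startswith(f"ip nat inside source static {client_ip} ") for l in rules):
        findings.append(f"no static translation for {client_ip}, only hide/PAT")
    # Only extended ACLs (100-199) filter by protocol; with none, nothing to check.
    ext = [l for l in lines if re.match(r"access-list 1\d\d permit ", l)]
    if ext:
        if not any(re.search(r"permit (ip\b|tcp\b.* eq 1723\b)", l) for l in ext):
            findings.append("extended ACL never permits TCP 1723 (PPTP control)")
        if not any(re.search(r"permit (ip|gre|47)\b", l) for l in ext):
            findings.append("extended ACL never permits GRE, IP protocol 47 (PPTP data)")
    return findings
```

Run against the posted excerpt it reports that no interface is marked for NAT and no translation rule exists; it reads only the device it is given, so the company firewall in the path needs the same check.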
Question has a verified solution.