PPTP inbound thru Cisco router to Win2003 Server does not work!
Posted on 2007-11-16
Inbound PPTP conection won't connect..
private IP of Win2003 server is: 10.100.1.5
Public IP (via static NAT on outside of router) is: 22.214.171.124
Have the pertinent IP NAT statements in the router:
ip nat inside source static 10.100.1.5 126.96.36.199 route-map VPN-NAT_fixup
!!! Access below applied to outside interface !!!
access-list 122 permit gre any host 188.8.131.52
access-list 122 permit tcp any host 184.108.40.206 eq 1723
access-list 2000 deny ip 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
access-list 2000 deny ip 10.0.0.0 0.255.255.255 192.168.0.0 0.0.255.255
route-map VPN-NAT_fixup permit 1
match ip address 2000
Get the following PPTP failure on Win server event log:
Event Type: Warning
Event Source: Rasman
Event Category: None
Event ID: 20209
Time: 8:18:19 AM
A connection between the VPN server and the VPN client 220.127.116.11 has been established, but the VPN connection cannot be completed. The most common cause for this is that a firewall or router between the VPN server and the VPN client is not configured to allow Generic Routing Encapsulation (GRE) packets (protocol 47). Verify that the firewalls and routers between your VPN server and the Internet allow GRE packets. Make sure the firewalls and routers on the user's network are also configured to allow GRE packets. If the problem persists, have the user contact the Internet service provider (ISP) to determine whether the ISP might be blocking GRE packets.
All other static mappings (ie smtp port 25 and web) to internal servers work perfectly!
NAT translation table show GRE and TCP/1723 translations on the Cisco 2851
ANY IDEAS ANYONE?....been scratching my head for hours!