Microsoft PPTP passthrough on Cisco 1841 IOS 12.4.19 Mainline Advanced IP Services

I have the above hardware / IOS, and everything is working perfectly with the exception of PPTP passthrough to a Microsoft VPN server.  Here is what I have done.


! add the NAT
ip nat source static 192.168.0.2 70.1.2.3

! inbound ACL on public interface
ip access-list extended fa0/0_in
 permit tcp any host 70.1.2.3 eq 1723
 permit gre any any
 deny ip any any log

interface FastEthernet0/0
 ip address 70.1.2.4
 ip access-group fa0/0_in in
 no shutdown

I have many more NATs, and many more permits in the access list, and all other NATs and permits are working fine.  When I do a show ip nat trans, it shows the GRE and the 1723 natted correctly.  If I remove the ACL, it still doesn't work.  No traffic is being denied in the logs.  The Windows client hangs on verifying username and password.  The Windows server Event Viewer reports that the authentication timed out.  The RRAS logs are enabled, but missing.  And most importantly, when I connect to the VPN server from another site through a point-to-point T1, it works fine.  My best guess is that it is something with GRE and this version of IOS, but none of the old GRE tricks work on this router.

Any ideas?

Best Regards,

Cory
swatsystems Asked:
batry_boy Commented:
I've personally never had to do this before, but have you looked at the following article to see if it addresses your situation?

http://www.cisco.com/en/US/tech/tk827/tk369/technologies_configuration_example09186a00800949c0.shtml
swatsystems Author Commented:
It does, somewhat.  I have actually probably read every doc on Cisco's website having anything to do with PPTP.  I put Wireshark on it, and it was failing negotiating the GRE, which uses PPP and LCP.  The only thing I can imagine is that our existing GRE tunnels for the site to sites are causing some issues with the passthrough.

So, I have given up on the passthrough and just terminated the VPN at the 1841, which is configured for PPTP.  I am using the following article:

http://www.cisco.com/en/US/tech/tk827/tk369/technologies_configuration_example09186a00801e51e2.shtml

The VPN terminates, but I have another issue with it.  It is assigning the router's DNS servers to the VPN clients.  I want to use internal DNS, and it doesn't look like you can assign custom DNS servers with the address pool described in the document.  So, I am trying to change the virtual-template to relay DHCP back to our internal server.  It isn't working.  I do have DHCP helper addresses in the virtual-template.  Here is the config:

interface Virtual-Template1
 ip unnumbered FastEthernet0/0
 ip helper-address 192.168.0.2
 peer default ip address dhcp
 ppp encrypt mppe auto
 ppp authentication pap chap ms-chap
end

Am I doing this correctly?  Anyone know how to do that?

Best Regards,

Cory
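
For telling PPTP's GRE apart from ordinary tunnel GRE in a capture like the one mentioned in the post above, here is an added example (not part of the original thread) that parses the enhanced GRE header defined in RFC 2637 and reports the Call ID and any LCP message inside. The function and constant names are illustrative, and the sample packets are constructed.

```python
import struct

PPTP_PROTO = 0x880B  # PPP inside enhanced GRE (RFC 2637)
LCP_PROTO = 0xC021   # PPP Link Control Protocol
LCP_CODES = {1: "Configure-Request", 2: "Configure-Ack", 3: "Configure-Nak",
             4: "Configure-Reject", 5: "Terminate-Request", 6: "Terminate-Ack"}

def parse_gre(data: bytes) -> dict:
    """Classify a GRE packet (the bytes following the IP header)."""
    if len(data) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack("!HH", data[:4])
    info = {"version": flags & 0x0007, "proto": proto}
    if info["version"] != 1 or proto != PPTP_PROTO:
        info["kind"] = "standard GRE"  # e.g. a site-to-site tunnel
        return info
    has_seq, has_ack = bool(flags & 0x1000), bool(flags & 0x0080)
    hdr_len = 8 + 4 * has_seq + 4 * has_ack
    if len(data) < hdr_len:
        raise ValueError("truncated PPTP GRE header")
    payload_len, call_id = struct.unpack("!HH", data[4:8])
    info.update(kind="PPTP enhanced GRE", call_id=call_id)
    off = 8
    if has_seq:  # S bit: sequence number present, packet carries payload
        info["seq"] = struct.unpack("!I", data[off:off + 4])[0]
        off += 4
    if has_ack:  # A bit: acknowledgment number present
        info["ack"] = struct.unpack("!I", data[off:off + 4])[0]
    ppp = data[hdr_len:hdr_len + payload_len]
    if ppp[:2] == b"\xff\x03":  # PPP address/control, present until ACFC
        ppp = ppp[2:]
    if len(ppp) >= 4 and struct.unpack("!H", ppp[:2])[0] == LCP_PROTO:
        info["lcp"] = LCP_CODES.get(ppp[2], f"code {ppp[2]}")
    return info

# Constructed sample packets (not taken from the poster's capture).
LCP_REQUEST = struct.pack("!HHHHI", 0x3001, PPTP_PROTO, 8, 0x1234, 0) \
    + bytes.fromhex("ff03c02101010004")
ACK_ONLY = struct.pack("!HHHHI", 0x2081, PPTP_PROTO, 0, 0x1234, 0)
TUNNEL_GRE = struct.pack("!HH", 0x0000, 0x0800) + b"\x45\x00"

if __name__ == "__main__":
    for name, pkt in [("lcp", LCP_REQUEST), ("ack", ACK_ONLY), ("tunnel", TUNNEL_GRE)]:
        print(name, parse_gre(pkt))
```

Feed it the GRE bytes exported from a capture on each side of the router; a Configure-Request seen on one side with no matching packet on the other side shows where the PPTP GRE is being lost.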