jtomascak
I just replaced my Cisco 1841 router with a 2811. I can no longer establish a VPN connection to my firewall.
I just replaced my Cisco 1841 router with a 2811. I used the configuration information from the 1841, making the necessary adjustments. Web and email traffic appear to flow fine. However, I can no longer establish a PPTP VPN connection to my WG Firewall. I can no longer ping my firewall from the outside either. Does the 2811 have a default configuration that would block this traffic?
ASKER
Here are the config files. I use a Watchguard Firewall and the IPSec tunnels are all working correctly. It's just the PPTP VPN that won't connect. I also cannot ping any of my public IP addresses with the exception of the 2811.
2811
!
version 12.4
service nagle
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
service password-encryption
!
hostname phs
!
boot-start-marker
boot-end-marker
!
logging buffered 8012 debugging
enable secret 5 xxxxxxxxxxxxxx
!
no aaa new-model
!
resource policy
!
clock timezone CST -6
clock summer-time CDT recurring
ip subnet-zero
no ip source-route
!
!
ip cef
!
!
ip domain list visi.com
ip domain name xxx.org
ip name-server 209.98.98.98
ip name-server 208.42.42.42
!
username xxxxx password 7 xxxxxxxxxxxxxxx
!
interface Multilink1
 description MPPP to Visi - s0/0/0 & s0/1/0 & s0/2/0
 ip address 209.xx.xxx.xxx 255.255.255.252
 down-when-looped
 no cdp enable
 ppp multilink
 ppp multilink group 1
!
interface GigabitEthernet0/0
 description PHS LAN
 ip address 209.xx.xxx.33 255.255.255.240
 duplex auto
 speed auto
 no cdp enable
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
!
interface Serial0/0/0
 description MPPP to Visi
 no ip address
 encapsulation ppp
 no fair-queue
 no cdp enable
 ppp multilink
 ppp multilink group 1
!
interface Serial0/1/0
 description MPPP to Visi
 no ip address
 encapsulation ppp
 no fair-queue
 no cdp enable
 ppp multilink
 ppp multilink group 1
!
interface Serial0/2/0
 description MPPP to Visi
 no ip address
 encapsulation ppp
 no fair-queue
 no cdp enable
 ppp multilink
 ppp multilink group 1
!
ip classless
ip route 0.0.0.0 0.0.0.0 Multilink1
!
no ip http server
ip http access-class 23
ip http authentication local
ip http timeout-policy idle 5 life 86400 requests 10000
!
control-plane
!
!
line con 0
 login local
line aux 0
line vty 0 4
 access-class 23 in
 exec-timeout 60 0
 privilege level 15
 password 7 xxxxxxxxxxxxx
 login
 transport input telnet
line vty 5 15
 access-class 23 in
 privilege level 15
 login local
 transport input telnet
!
scheduler allocate 20000 1000
!
end
1841
version 12.4
service nagle
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
service password-encryption
!
hostname phs
!
boot-start-marker
boot-end-marker
!
logging buffered 8012 debugging
enable secret 5 xxxxxxxxxxxxxxx.
!
no aaa new-model
!
resource policy
!
clock timezone CST -6
clock summer-time CDT recurring
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
ip cef
!
!
no ip dhcp use vrf connected
!
!
ip domain list visi.com
ip domain name preshomes.org
ip name-server 209.98.98.98
ip name-server 208.42.42.42
!
username xxxx password 7 xxxxxxxxxxxxxxxxx
!
!
!
interface Multilink1
 description MPPP to Visi - s0/0 & s0/1
 ip address 209.xx.xxx.xxx 255.255.255.252
 down-when-looped
 no cdp enable
 ppp multilink
 ppp multilink group 1
!
interface FastEthernet0/0
 description Presbyterian Home LAN
 ip address 209.xx.xxx.33 255.255.255.240
 duplex auto
 speed auto
 no cdp enable
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0/0
 description MPPP to Visi
 no ip address
 encapsulation ppp
 no fair-queue
 no cdp enable
 ppp multilink
 ppp multilink group 1
!
interface Serial0/1/0
 description MPPP to Visi
 no ip address
 encapsulation ppp
 no fair-queue
 no cdp enable
 ppp multilink
 ppp multilink group 1
!
ip classless
ip route 0.0.0.0 0.0.0.0 Multilink1
!
no ip http server
ip http authentication local
ip http timeout-policy idle 5 life 86400 requests 10000
!
!
control-plane
!
!
line con 0
 login local
line aux 0
line vty 0 4
 exec-timeout 60 0
 privilege level 15
 password 7 xxxxxxxxxxxxxxxxxxx
 login
 transport input telnet
line vty 5 15
 privilege level 15
 login local
 transport input telnet
!
end
You need to turn off the built-in firewall to allow access to your public LAN side.
Or, since the 2811 has an integrated IDS/firewall, set up appropriate access lists to allow some traffic through to the WG firewall.
Did your 1841 have access-lists to allow routed LAN traffic through to the WG?
ASKER
Self-healing somehow. I left on a week-long vacation 2 days after posting this. Tried accessing it several times during that period but no luck. Suddenly one day it started working again. No changes to 1841 or WG. No reboots or reloads. Just started working.
Thanks for your effort.
What IOS level was the 1841 and what level is the 2811?
Have you compared the configs line by line? Not all commands/options are valid on all hardware devices.
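
The line-by-line comparison suggested above can be scripted. The following is an added example, not code from any poster in this thread: it parses two IOS configs into sections, reports what differs, and flags ACL numbers that are referenced but never defined (the posted 2811 config uses `access-class 23`, yet the paste contains no `access-list 23`). The sample strings are constructed excerpts of the two posted configs, and the function names are hypothetical.

```python
import re

# Constructed excerpts of the two configs posted above (one-space indentation).
OLD_1841 = """\
mmi polling-interval 60
ip cef
interface FastEthernet0/0
 ip address 209.xx.xxx.33 255.255.255.240
no ip http server
line vty 0 4
 exec-timeout 60 0
 transport input telnet
"""
NEW_2811 = """\
ip cef
interface GigabitEthernet0/0
 ip address 209.xx.xxx.33 255.255.255.240
no ip http server
ip http access-class 23
line vty 0 4
 access-class 23 in
 exec-timeout 60 0
 transport input telnet
"""

def parse_ios(text):
    """Map each column-0 line (global command or section header) to its sub-commands."""
    sections, current = {"": set()}, ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "!":
            continue                        # skip blank lines and '!' separators
        if line[0].isspace():
            sections[current].add(line.strip())   # indented: child of open section
        else:
            current = line
            sections.setdefault(current, set())
    return sections

def diff_configs(old, new):
    """Return (added, removed, changed); changed maps header -> (only_old, only_new)."""
    a, b = parse_ios(old), parse_ios(new)
    changed = {h: (sorted(a[h] - b[h]), sorted(b[h] - a[h]))
               for h in set(a) & set(b) if a[h] != b[h]}
    return sorted(set(b) - set(a)), sorted(set(a) - set(b)), changed

def dangling_acls(text):
    """Numbered ACLs referenced by access-class/access-group but not defined."""
    used = set(re.findall(r"access-(?:class|group) (\d+)", text))
    defined = set(re.findall(r"^access-list (\d+)", text, re.M))
    return sorted(used - defined)
```

The parser relies on sub-commands being indented, as in `show running-config` output; a paste that has lost its indentation needs it restored first.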