jtomascak


I just replaced my Cisco 1841 router with a 2811. I can no longer establish a VPN connection to my firewall.

I just replaced my Cisco 1841 router with a 2811.  I used the configuration information from the 1841, making the necessary adjustments.  WEB and email traffic appear to flow fine.  However, I can no longer establish a PPTP VPN connection to my WG Firewall.  I can no longer ping my firewall from the outside either.  Does the 2811 have a default configuration that would block this traffic?
giltjr

Can you post your configuration?  Of course you can just "xxxxxx" anything that is deemed confidential.

What IOS level was the 1841 and what level is the 2811?

Have you compared the configs line by line? Not all commands/options are valid on all hardware devices.
jtomascak

ASKER

Here are the config files.  I use a Watchguard Firewall and the IPSec tunnels are all working correctly.  It's just the PPTP VPN that won't connect.  I also cannot ping any of my public IP addresses with the exception of the 2811.
2811
!
version 12.4
service nagle
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
service password-encryption
!
hostname phs
!
boot-start-marker
boot-end-marker
!
logging buffered 8012 debugging
enable secret 5 xxxxxxxxxxxxxx
!
no aaa new-model
!
resource policy
!
clock timezone CST -6
clock summer-time CDT recurring
ip subnet-zero
no ip source-route
!
!
ip cef
!
!
ip domain list visi.com
ip domain name xxx.org
ip name-server 209.98.98.98
ip name-server 208.42.42.42
!
username xxxxx password 7 xxxxxxxxxxxxxxx
!
interface Multilink1
 description MPPP to Visi - s0/0/0 & s0/1/0 & s0/2/0
 ip address 209.xx.xxx.xxx 255.255.255.252
 down-when-looped
 no cdp enable
 ppp multilink
 ppp multilink group 1
!
interface GigabitEthernet0/0
 description PHS LAN
 ip address 209.xx.xxx.33 255.255.255.240
 duplex auto
 speed auto
 no cdp enable
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
!
interface Serial0/0/0
 description MPPP to Visi
 no ip address
 encapsulation ppp
 no fair-queue
 no cdp enable
 ppp multilink
 ppp multilink group 1
!
interface Serial0/1/0
 description MPPP to Visi
 no ip address
 encapsulation ppp
 no fair-queue
 no cdp enable
 ppp multilink
 ppp multilink group 1
!
interface Serial0/2/0
 description MPPP to Visi
 no ip address
 encapsulation ppp
 no fair-queue
 no cdp enable
 ppp multilink
 ppp multilink group 1
!
ip classless
ip route 0.0.0.0 0.0.0.0 Multilink1
!
no ip http server
ip http access-class 23
ip http authentication local
ip http timeout-policy idle 5 life 86400 requests 10000
!
control-plane
!
!
line con 0
 login local
line aux 0
line vty 0 4
 access-class 23 in
 exec-timeout 60 0
 privilege level 15
 password 7 xxxxxxxxxxxxx
 login
 transport input telnet
line vty 5 15
 access-class 23 in
 privilege level 15
 login local
 transport input telnet
!
scheduler allocate 20000 1000
!
end
 
 
 
1841
 
version 12.4
service nagle
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
service password-encryption
!
hostname phs
!
boot-start-marker
boot-end-marker
!
logging buffered 8012 debugging
enable secret 5 xxxxxxxxxxxxxxx.
!
no aaa new-model
!
resource policy
!
clock timezone CST -6
clock summer-time CDT recurring
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
ip cef
!
!
no ip dhcp use vrf connected
!
!
ip domain list visi.com
ip domain name preshomes.org
ip name-server 209.98.98.98
ip name-server 208.42.42.42
!
username xxxx password 7 xxxxxxxxxxxxxxxxx
!
!
!
interface Multilink1
 description MPPP to Visi - s0/0 & s0/1
 ip address 209.xx.xxx.xxx 255.255.255.252
 down-when-looped
 no cdp enable
 ppp multilink
 ppp multilink group 1
!
interface FastEthernet0/0
 description Presbyterian Home LAN
 ip address 209.xx.xxx.33 255.255.255.240
 duplex auto
 speed auto
 no cdp enable
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0/0
 description MPPP to Visi
 no ip address
 encapsulation ppp
 no fair-queue
 no cdp enable
 ppp multilink
 ppp multilink group 1
!
interface Serial0/1/0
 description MPPP to Visi
 no ip address
 encapsulation ppp
 no fair-queue
 no cdp enable
 ppp multilink
 ppp multilink group 1
!
ip classless
ip route 0.0.0.0 0.0.0.0 Multilink1
!
no ip http server
ip http authentication local
ip http timeout-policy idle 5 life 86400 requests 10000
!
!
control-plane
!
!
line con 0
 login local
line aux 0
line vty 0 4
 exec-timeout 60 0
 privilege level 15
 password 7 xxxxxxxxxxxxxxxxxxx
 login
 transport input telnet
line vty 5 15
 privilege level 15
 login local
 transport input telnet
!
end
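
The line-by-line comparison suggested earlier in the thread, as an added example that is not part of the original posts: a section-aware diff of abridged excerpts from the two configurations above, plus a check for access lists that are applied but not defined in the posted text (the 2811 text applies access list 23 to the vty lines and the HTTP server). The function names are this example's own.

```python
import re

# Constructed, abridged excerpts of the two configurations posted above.
CFG_1841 = """\
interface FastEthernet0/0
 ip address 209.xx.xxx.33 255.255.255.240
line vty 0 4
 transport input telnet
"""
CFG_2811 = """\
interface GigabitEthernet0/0
 ip address 209.xx.xxx.33 255.255.255.240
ip http access-class 23
line vty 0 4
 access-class 23 in
 transport input telnet
"""

ACL_REF = re.compile(r"\b(?:access-class|ip access-group)\s+(\S+)")
ACL_DEF = re.compile(r"^(?:access-list\s+(\S+)|ip access-list\s+\S+\s+(\S+))")

def flatten(text):
    """Return {(parent, line)}; parent is '' for top-level commands."""
    pairs, parent = set(), ""
    for line in text.splitlines():
        cmd = line.strip()
        if not cmd or cmd.startswith("!"):
            continue  # blank line or '!' separator
        top = not line[0].isspace()  # indented lines belong to a section
        pairs.add(("" if top else parent, cmd))
        if top:
            parent = cmd
    return pairs

def compare(old, new):
    """Section-aware diff: (added, removed) going from old to new."""
    return sorted(flatten(new) - flatten(old)), sorted(flatten(old) - flatten(new))

def undefined_acls(text):
    """ACLs that are applied somewhere in text but never defined in it."""
    refs, defs = set(), set()
    for _, line in flatten(text):
        refs.update(ACL_REF.findall(line))
        if m := ACL_DEF.match(line):
            defs.add(m.group(1) or m.group(2))
    return sorted(refs - defs)

if __name__ == "__main__":
    print(compare(CFG_1841, CFG_2811))
    print("applied but not defined:", undefined_acls(CFG_2811))
```

Because each sub-command is keyed by its parent section, `access-class 23 in` is reported under `line vty 0 4` rather than as a bare line, and the interface rename shows up as one section removed and one added.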


You need to turn off the built-in firewall to allow access to your public LAN side.
Or, since the 2811 has an integrated IDS/firewall, set up appropriate access lists to allow some traffic through to the WG firewall.

Did your 1841 have access-lists to allow routed LAN traffic through to the WG?
ASKER CERTIFIED SOLUTION
giltjr
This solution is only available to members.
Self-healing somehow.  I left on a week-long vacation 2 days after posting this.  Tried accessing it several times during that period but no luck.  Suddenly one day it started working again.  No changes to 1841 or WG. No reboots or reloads.  Just started working.

Thanks for your effort.