• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 418
  • Last Modified:

VPN client won't connect behind cisco 837

I have a cisco 837 at home/  I need to connect to a windows vpn server at work.  I understand I have to let gre and tcp 1723 through.  Am I missing something?  I always get back error 800.  Here is my config.

!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Cisco837
!
boot-start-marker
boot-end-marker
!
logging userinfo
no logging buffered
no logging monitor
enable secret 5 $1$3Eqp$Lmus2O.SbX4qkyb4QeRQY0
enable password Maxima
!
no aaa new-model
clock timezone PCTime -5
no ip subnet-zero
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.3.1
ip dhcp excluded-address 192.168.3.200 192.168.3.202
ip dhcp excluded-address 192.168.3.20
ip dhcp excluded-address 192.168.3.3
!
ip dhcp pool LAN
   import all
   network 192.168.3.0 255.255.255.0
   default-router 192.168.3.1
   domain-name house.local
   lease 0 2
!
!
ip cef
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
vpdn enable
!
!
!
!
!
!
!
no crypto isakmp enable
!
bridge irb
!
!
interface Ethernet0
 description link to LAN
 ip address 192.168.3.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 hold-queue 100 out
!
interface Ethernet2
 no ip address
 shutdown
 no cdp enable
 hold-queue 100 out
!
interface ATM0
 description ADSL
 no ip address
 no atm ilmi-keepalive
 bundle-enable
 dsl operating-mode auto
 hold-queue 224 in
 pvc 0/35
  pppoe-client dial-pool-number 1
 !
!
interface ATM0.1 point-to-point
 pvc 1/1
  pppoe-client dial-pool-number 1
 !
!
interface FastEthernet1
 speed auto
 full-duplex
!
interface FastEthernet2
 duplex auto
 speed auto
!
interface FastEthernet3
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet4
 shutdown
 duplex auto
 speed auto
!
interface Dialer1
 description PPPOE
 ip address negotiated
 no ip redirects
 no ip unreachables
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer-group 1
 ppp authentication pap callin
 ppp pap sent-username b1mxxk35 password 0 Maxima13
 ppp ipcp dns request
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
!
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static tcp 192.168.3.20 3389 interface Dialer1 3389
ip nat inside source static tcp 192.168.3.237 5001 interface Dialer1 5001
!
access-list 1 permit 192.168.3.0 0.0.0.255
access-list 101 permit gre any any
access-list 101 permit tcp any any eq 1723
!
!
!
control-plane
!
!
line con 0
 exec-timeout 120 0
 no modem enable
 transport output all
 stopbits 1
line aux 0
 exec-timeout 0 0
 transport output all
line vty 0 4
 access-class 23 in
 exec-timeout 120 0
 privilege level 15
 password Maxima
 login
 transport input telnet
 transport output all
!
scheduler max-task-time 5000
end
0
Lilgansta
Asked:
Lilgansta
1 Solution
 
muffCommented:
Your ACL 101 is not attached to anything so isn't permitting / denying traffic.  That is fine, it won't stop this working and is better for testing.

Can you provide a

  show ip nat translations

While the connection is being established?
0

Featured Post

Prepare for an Exciting Career in Cybersecurity

Help prevent cyber-threats and provide solutions to safeguard our global digital economy. Earn your MS in Cybersecurity. WGU’s MSCSIA degree program curriculum features two internationally recognized certifications from the EC-Council at no additional time or cost.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now