Cisco PPTP VPN Config

Suncore asked
Last Modified: 2012-05-10
Would really appreciate any help on this..

I am trying to establish a PPTP VPN from a Cisco router with a third party and send selected traffic over that VPN.

Would appreciate if someone could confirm if this is possible and perhaps provide some assistance with the required confirm or possibly just supply a sample config.

Hardware / IOS is as follows:

Cisco 877W-G-A-M-K9 Router
(C870-ADVSECURITYK9-M), Version 12.4(15)T10

I have an IP address, userid and pswd for the remote PPTP VPN.

Thanks in advance to anyone who can save my sanity :)

XXXXXX# show run
Building configuration...

Current configuration : 6744 bytes
! Last configuration change at 13:42:14 NTP Tue Dec 28 2010 by XXXXXX
! NVRAM config last updated at 07:46:38 NTP Tue Dec 28 2010 by XXXXXX
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
hostname XXXXXX
logging buffered 51200
logging console critical
enable secret 5 $1$yXXX$IXCDkkg2zZdOB2RTSRf0B1
no aaa new-model
clock timezone NTP 11
crypto pki trustpoint TP-self-signed-3906683008
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3906683008
 revocation-check none
 rsakeypair TP-self-signed-3906683008
crypto pki certificate chain TP-self-signed-3906683008
 certificate self-signed 01
dot11 association mac-list 700
dot11 syslog
dot11 ssid XXXXXX
   authentication open 
no ip source-route
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address
ip dhcp excluded-address
ip dhcp pool Primary
   import all
   dns-server XXX.XXX.XXX.XXX 
no ip bootp server
ip domain name XXXXXXXXX.XXX
ip name-server XXX.XXX.XXX.XXX
username XXXXXX privilege 15 secret 5 $1$wi4T$qPWv3dPGwoOQFMXXXXXX
username XXX password 7 XXXXXX
 log config
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
bridge irb
interface ATM0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 no atm ilmi-keepalive
 dsl operating-mode auto 
interface ATM0.1 point-to-point
 description $ES_WAN$$FW_OUTSIDE$
 pvc 8/35 
  pppoe-client dial-pool-number 1
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface Dot11Radio0
 no ip address
 ssid XXXXXX
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
interface Vlan1
 no ip address
 ip tcp adjust-mss 1452
 bridge-group 1
interface Dialer0
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1452
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip route-cache flow
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication pap callin
 ppp pap sent-username XXXXXX@XXXXXX password 7 0613022D475BXXXXXXXX
interface BVI1
 description $ES_LAN$
 ip address
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1412
ip forward-protocol nd
ip route Dialer0
no ip http server
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 8090 interface Dialer0 8081
ip nat inside source static udp 8090 interface Dialer0 8081
logging trap debugging
access-list 1 remark INSIDE_IF=BVI1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit
access-list 700 permit 001e.XXXX.XXXX   0000.0000.0000
access-list 700 permit 0012.XXXX.XXXX   0000.0000.0000
access-list 700 permit cc08.XXXX.XXXX   0000.0000.0000
access-list 700 permit 0021.XXXX.XXXX   0000.0000.0000
access-list 700 permit cc08.XXXX.XXXX   0000.0000.0000
access-list 700 permit 0023.XXXX.XXXX   0000.0000.0000
access-list 700 permit 001b.XXXX.XXXX   0000.0000.0000
access-list 700 permit 0024.XXXX.XXXX   0000.0000.0000
dialer-list 1 protocol ip permit
no cdp run
bridge 1 protocol ieee
bridge 1 route ip
banner exec ^C
% Password expiration warning.
Cisco Configuration Professional (Cisco CP) is installed on this device 
and it provides the default username "cisco" for  one-time use. If you have 
already used the username "cisco" to login to the router and your IOS image 
supports the "one-time" user option, then this username has already expired. 
You will not be able to login to the router with this username after you exit 
this session.
It is strongly suggested that you create a new username with a privilege level 
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you 
want to use.
banner login ^CAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
line con 0
 exec-timeout 30 0
 logging synchronous
 login local
 no modem enable
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 exec-timeout 30 0
 privilege level 15
 logging synchronous
 login local
 transport input ssh
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
ntp logging
ntp clock-period 17182131
ntp server XXX.XXX.XXX.XXX

