Tosti

Setting up Microsoft VPN passthrough on Cisco 1841 router in SDM

Hello Experts,

I have a problem configuring a Cisco 1841 router to pass through VPN traffic.
The situation is as follows:

* Cisco router is being used as Easy VPN Server. Clients now use Cisco or Shrewsoft clients to connect.
* I am in the process of installing a SBS 2011 server behind this Cisco.
* Now I can and want to use Microsoft VPN connection to the server.
* I have made a NAT entry for port 1723 to the internal IP address of the new server.
* In the Firewall configuration I allowed protocol pptp and SDM_GRE for the internal IP.

When I try to connect with a Windows 7 machine to the external IP of the Cisco, nothing happens. The connection hangs on "connecting to <IP-address> through WAN-miniport PPTP".

I'm configuring the Cisco through SDM, as I am a Newbie on configuring Cisco routers. So console configuration is not a good idea :)

Is it possible to use the integrated Easy VPN Server alongside the VPN passthrough?
Can someone help me out here?

Thanx!
Istvan Kalmar

Hi,

It needs to work... what does the log of the dropped packets show?
Tosti

ASKER

Hi ikalmar, Thanx for your reply.
I checked the log and when I try to connect I can see the following:
Under Active sessions I can see pptp with the IP address of my external PC.
Dropped packets keep adding up and there is no entry under allowed packets.

Something is not configured right I'm afraid... Can you tell me how to check the config?
ASKER CERTIFIED SOLUTION
Gary Coltharp
Tosti

ASKER

Hi gcoltharp,

No, I have not disabled EasyVPN, could that be the problem?
Is it easy to do this, and then later turn it on again?

What do you mean with fixup IKE?

Thanx for responding!
Absolutely....the cisco can only do one or the other, not both.

Some Ciscos will have a "Fixups" under configuration in the PDM or SDM. You need to enable fixup IKE for it to pass it.

As far as enable/disable.... you should be able to just uncheck the box and disable EasyVPN. If you check it again, your configs should still be there. I would back up your config before doing so, just in case. :)
Tosti

ASKER

OK Thanx, I will try this out.
Will get back with the results.
Tosti

ASKER

OK, it's solved!
The things I did are:
* Disable EasyVPN (I ended up deleting the connection, there was no checkbox).
-- It did not resolve the problem
* I forgot to properly run the VPN wizard on the new SBS 2011 machine.
-- After running this wizard, the VPN connection stopped at "verifying username and password".
* Then I added, in the Firewall & ACL section of the Cisco router, the same values (GRE, PPTP) in the inzone -to- outzone direction instead of only from out to in. This did the trick.

Apparently the router was not configured to send out this kind of traffic. Does that make sense?

Anyway, the problem is fixed.
I'll reward the points to gcoltharp for guiding me in the right direction, thanx!
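
The fix described in the last post, sketched as IOS zone-based firewall CLI with the one-direction rule beside the corrected two-direction one. This is an added example, not the asker's configuration or SDM output: the class-map, policy-map and zone-pair names are hypothetical, the zone names and the ACL name SDM_GRE follow the names used in the thread, and it assumes GRE is handled with the stateless pass action.

```cisco
! Constructed sketch. Names in CAPITALS other than SDM_GRE are hypothetical.
! PPTP needs TCP/1723 (control) and GRE, IP protocol 47 (tunnel data).
! In practice, narrow "any any" to the internal server's address.
ip access-list extended SDM_GRE
 permit gre any any
!
class-map type inspect match-any PPTP-CTRL
 match protocol pptp
class-map type inspect match-any GRE-DATA
 match access-group name SDM_GRE
!
! inspect is stateful: replies on the TCP/1723 session are allowed back.
! pass is stateless: it permits one direction only and creates no
! return state (assumption: GRE is passed, not inspected).
policy-map type inspect PPTP-OUT-TO-IN
 class type inspect PPTP-CTRL
  inspect
 class type inspect GRE-DATA
  pass
 class class-default
  drop log
!
policy-map type inspect PPTP-IN-TO-OUT
 class type inspect PPTP-CTRL
  inspect
 class type inspect GRE-DATA
  pass
 class class-default
  drop log
!
! Before the fix: only the out-zone -> in-zone pair carried PPTP and GRE,
! so GRE sent by the internal server toward the client matched nothing
! in the in-zone -> out-zone policy and was dropped.
zone-pair security ZP-OUT-IN source out-zone destination in-zone
 service-policy type inspect PPTP-OUT-TO-IN
!
! Added by the fix: the same classes from in-zone to out-zone.
zone-pair security ZP-IN-OUT source in-zone destination out-zone
 service-policy type inspect PPTP-IN-TO-OUT
```

A zone-pair holds a single service-policy, so on a live router these classes go into the policy-maps already attached to each zone-pair, ahead of class-default, instead of replacing them.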