SBS2003 with VPN server configured behind cisco 800 router

Hi all,

As the title suggests, I have a Cisco 800 series router configured as my main internet connection, feeding into the WAN side of my SBS2003 server, which provides users with VPN connectivity. We recently changed the VPN settings to use L2TP rather than PPTP and now we cannot establish a VPN from outside. I have forwarded the required ports as stated by Microsoft; however, I am finding mention that I must forward protocol 50. I am stuck on this, can't seem to figure out how to do that.

My current config:


!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname mbicrtr01
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
logging buffered 51200 warnings
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-1152418017
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1152418017
 revocation-check none
 rsakeypair TP-self-signed-1152418017
!
!
crypto pki certificate chain TP-self-signed-1152418017
 certificate self-signed 01 nvram:IOS-Self-Sig#4.cer
dot11 syslog
no ip source-route
!
!
ip cef
no ip domain lookup
ip domain name yourdomain.com
!
!
!
!
username root privilege 15 secret 5 R3UnapHC2QOE5/
!
!
!
archive
 log config
  hidekeys
!
!
!
track 10 ip sla 123 reachability
 delay down 10 up 10
!
!
!
interface ATM0
 description --- Bigpond ADSL WAN Connection ---$ES_WAN$
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 no atm ilmi-keepalive
 pvc 8/35
  tx-ring-limit 3
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
 description --- Internal LAN ---
 ip address 192.168.200.1 255.255.255.0
 no ip redirects
 no ip proxy-arp
 ip flow ingress
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
 standby 1 ip 192.168.200.3
 standby 1 priority 105
 standby 1 preempt
 standby 1 track 10 decrement 10
!
interface Dialer0
 description --- Bigpond ---
 ip address 110.xxx.xx.xx 255.255.255.0
 ip access-group 100 in
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname hello@direct.telstra.net
 ppp chap password 0 xxxxxx
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 110.xxx.xx.1
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 190 interface Dialer0 overload
ip nat inside source static tcp 192.168.200.20 443 interface Dialer0 443
ip nat inside source static tcp 192.168.200.20 51 interface Dialer0 51
ip nat inside source static tcp 192.168.200.20 52 interface Dialer0 52
ip nat inside source static tcp 192.168.200.20 54 interface Dialer0 54
ip nat inside source static tcp 192.168.200.20 25 interface Dialer0 1201
ip nat inside source static tcp 192.168.200.24 21 interface Dialer0 1203
ip nat inside source static tcp 192.168.200.20 1723 interface Dialer0 1723
ip nat inside source static tcp 192.168.200.20 3390 interface Dialer0 3390
ip nat inside source static tcp 192.168.200.20 1701 interface Dialer0 1701
ip nat inside source static udp 192.168.200.20 500 interface Dialer0 500
!
ip sla 123
 icmp-echo 8.8.8.8
ip sla schedule 123 life forever start-time now
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 190 permit ip 192.168.200.0 0.0.0.255 any
no cdp run

!
!
!
!
control-plane
!
!
line con 0
 login local
 no modem enable
line aux 0
line vty 0 4
 access-class 190 in
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
end


Also, I am no guru on Cisco and appreciate any other feedback, particularly any security issues that may be present.
Asked by: Michael

rauenpc commented:
Protocol 50 is ESP. In any NAT or ACL statement, you would reference ESP instead of tcp, udp, or ip. Example:

ip nat inside source static esp 192.168.200.20 interface Dialer0

TimotiSt (Datacenter Technician) commented:
Agree with @rauenpc.
You might also need the AH protocol, and UDP ports 4500 and 10000 forwarded (for NAT-T).

Tamas
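Putting the two answers together, here is an added worked example (not the original poster's running config and not the exact text of either answer) of the IOS 12.4 entries that carry L2TP/IPsec from Dialer0 to the inside SBS host 192.168.200.20. The host address and interface name come from the page; the ACL content is an assumption. The point rauenpc makes is the one that trips people up: protocol 50 is an IP protocol number, not a TCP or UDP port, so no `static tcp`/`static udp` line can forward it and the protocol form of the static NAT command is required. The UDP 500 line duplicates what the running config already has and is shown only so the set is complete.

```cisco
! Added example, not the poster's config: IOS 12.4 entries for L2TP/IPsec
! to an inside host behind Dialer0. Host/interface names are from the page;
! the access-list 100 contents below are assumed.
!
! IKE (UDP 500) and NAT-T (UDP 4500) are real UDP ports and use the same
! port-based static NAT form the running config already uses.
ip nat inside source static udp 192.168.200.20 500 interface Dialer0 500
ip nat inside source static udp 192.168.200.20 4500 interface Dialer0 4500
!
! ESP is IP protocol 50, not a port: use the protocol form of the command,
! which takes no port numbers at all.
ip nat inside source static esp 192.168.200.20 interface Dialer0
!
! L2TP itself (UDP 1701) is carried inside the ESP payload (or inside the
! UDP 4500 NAT-T encapsulation), so it needs no translation of its own.
!
! Dialer0 applies "ip access-group 100 in", but the running config on the
! page shows no access-list 100, so this part is an assumption. These lines
! only add the IPsec permits; whatever the ACL needs for ordinary return
! traffic must be designed first, because a freshly created ACL ends in an
! implicit deny. Destination "any" is used because the Dialer0 address is
! assigned by PPP, and the inbound ACL is evaluated against the public
! address before NAT, so matching on 192.168.200.20 here would not work.
access-list 100 permit udp any any eq isakmp
access-list 100 permit udp any any eq non500-isakmp
access-list 100 permit esp any any
!
! Checks after the change: the three static translations should be listed,
! and the ACL hit counters should increase while a client connects.
! show ip nat translations
! show access-lists 100
```

Two caveats worth knowing before testing. When the client and server both support NAT-T, IKE detects the NAT and ESP is carried inside UDP 4500, so the `static esp` translation is only exercised by peers that do not negotiate NAT-T; keeping both covers either case. Separately from the router, Windows clients connecting to an L2TP/IPsec server that itself sits behind NAT need the `AssumeUDPEncapsulationContextOnSendRule` registry setting on the client, which is a Windows-side setting rather than anything in this config.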