PPTP to pass through Cisco 800

N3O

Hi there!

Here's the setup - static IP account with available address. The router on site is a Cisco 800 with IP 41.102.2.201. The available IP is .204. I configure a separate VPN router's WAN port with IP .204 and gateway 201. Ethernet is plugged in directly from the Cisco to the VPN router.

The VPN router has an internal IP of 192.168.0.251. I configured PPTP server on it with virtual IP 10.1.20.1. The admins of the Cisco forwarded port 1723 to the internal IP of the VPN router. If I try to connect remotely it hangs at username and password. They configured it so any traffic that arrives for IP 41.102.2.204 must forward to my device.

Here's the thing. They have a couple of forwarding rules pointing to different IPs from different IPs (i.e. 1723 on IP 41.102.2.203 to internal IP 192.168.0.5) etc. The OTHER PPTP forward works to the internal IP.

I can SEE the traffic hitting the VPN router and it seems it hangs at GRE - even though that's one of the first things I told them to allow on protocol 47. The part where it sticks on the VPN router says: PPP LCP is establishing.

Yet they say it's enabled. Could they be mistaken and it is only enabled on ACL for the other IPs but not for that one?

ANY help would be appreciated. I have the exact same routers at plenty of sites on standard DSL connections and they work hundreds...

Thanks!
 
I'm not following here.
Is the Cisco 800's external IP 41.102.2.201?
It sounds like an mweb account where they give you a few IPs. These should be made available on the internal side of the 800. IE the 41.12.2.200/26 (They give you 6 addresses).

On your setup, I don't know what's going on. How does the Cisco forward traffic to the INTERNAL IP of the VPN router? IE, it's not on the same segment, so how does it forward or NAT the traffic to 192.168.0.251? The VPN router would need to know to NAT the traffic to the internal IP.

You also say you see the GRE traffic hitting your VPN router, surely this indicates that they have passed it through the Cisco 800? Who controls that VPN router?

You can have separate ACE entries for individual IPs, so it's quite possible that they can allow it for certain sources and not others.
I guess you can always ask them for syslog messages or the ACE entry hitcount?

Maybe I am misunderstanding your setup though, but it doesn't make sense to me?
 
Have you got this sorted?
Seems to me as if certain ports were not NAT'ed through on the Cisco router to your internal VPN router. Why don't they just static IP NAT 41.102.2.204 -> 192.168.0.251?
You can close down the ACL on the outside interface once you get it working.
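
The question raised in this thread, whether GRE (IP protocol 47) is permitted for the other forwarded addresses but not for .204, can be checked mechanically once the Cisco admins share the ACL. The following is an added example, not code from any poster: the ACL lines are constructed, the function name `pptp_gaps` is hypothetical, and it assumes entries use only the `any` and `host <ip>` address forms.

```python
import re

# Constructed sample: extended ACL entries in Cisco IOS syntax (not from the thread).
SAMPLE_ACL = """\
access-list 101 permit tcp any host 41.102.2.203 eq 1723
access-list 101 permit gre any host 41.102.2.203
access-list 101 permit tcp any host 41.102.2.204 eq 1723
access-list 101 permit tcp any host 41.102.2.202 eq 25
"""

# Matches "permit <proto> <src> <dst> [eq <port>]", with or without the
# "access-list <id>" prefix (named ACLs omit it).
ENTRY = re.compile(
    r"^(?:access-list\s+\S+\s+)?permit\s+(?P<proto>\S+)\s+"
    r"(?P<src>any|host\s+\S+)\s+(?P<dst>any|host\s+\S+)"
    r"(?:\s+eq\s+(?P<port>\S+))?\s*$"
)

def pptp_gaps(acl_text):
    """Return destinations that permit TCP/1723 but have no matching GRE permit."""
    control, gre = set(), set()
    for line in acl_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # deny lines, remarks and unsupported address forms are skipped
        dst = m["dst"].split()[-1]      # "any" or the host address
        proto = m["proto"].lower()
        if proto in ("gre", "47"):      # PPTP data channel
            gre.add(dst)
        elif proto == "tcp" and m["port"] == "1723":  # PPTP control channel
            control.add(dst)
        elif proto == "ip":             # "permit ip" covers both TCP and GRE
            control.add(dst)
            gre.add(dst)
    if "any" in gre:                    # GRE permitted to every destination
        return []
    return sorted(control - gre)

if __name__ == "__main__":
    for host in pptp_gaps(SAMPLE_ACL):
        print(f"{host}: TCP/1723 permitted but no GRE permit")
```

A host listed here will accept the PPTP control connection and then stall while PPP negotiates over GRE, which matches the "PPP LCP is establishing" symptom described in the first post.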
 