Cisco 892 + PPTP clients

clementca — Mon, 11 Mar 2019 20:02:34 GMT

We have a Cisco 891 with this configuration below

I   got several computer on my lan that needs to connect to an external   Windows server with pptp. The windows server is not mine but it works.   The clients are using the windows connection manager. We can connect to   the windows pptp server for hours sometimes.

But, sometimes we   can just connect about 3-4-5 minutes, and it auto-disconnects. Is there   something wrong in my configuration ? I heard the cisco router is   messing with the keepalive or the connection state.

It seems to happens when i have more than 5-6 clients connected at the same time on the same server.

I got theses mesages : Link to VPN failed. OR ERROR 619 OR ERROR 651

Before,   I had a RV042 and it worked like a charm. We were 10 on the vpn server   and it was working. I dont see why Its not working now....

The errors are : Link to VPN server failed, OR ERROR 619 or ERROR 651.... (Windows 7)

Thanks

Building configuration...

version 15.0
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Quantis891
!
boot-start-marker
boot-end-marker
!
!
aaa new-model
!
!
aaa authentication login local_authen local
aaa authorization exec local_author local
!
!
!
!
!
aaa session-id common
!
!
!
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
!
!
!
no ip source-route
!
!
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 10.1.1.201 10.1.1.254
!
ip dhcp pool ccp-pool
   import all
   network 10.10.10.0 255.255.255.248
   default-router 10.10.10.1
   lease 0 2
!
ip dhcp pool Quantis
   import all
   network 10.1.1.0 255.255.255.0
   dns-server 8.8.8.8 8.8.4.4
   default-router 10.1.1.1
   netbios-name-server 10.1.1.253
   lease infinite
!
!
ip cef
no ip bootp server
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid CISCO891-K9 sn
!
!
object-group service Srvloc
description Srvloc Port 427
udp lt 427
!
!
!
ip tcp synwait-time 10
!
class-map match-any WebEmail
match protocol http
match protocol secure-http
match protocol smtp
match protocol pop3
match protocol dns
match protocol secure-pop3
match protocol imap
class-map match-any VoIP
match protocol skype
class-map match-any VPN
match protocol pptp
match protocol gre
match protocol l2tp
match protocol ipsec
!
!
policy-map QoS
class VoIP
    priority percent 15
set dscp ef
class VPN
    priority percent 40
class WebEmail
    bandwidth remaining percent 40
class class-default
    bandwidth remaining percent 35
!
!
!
!
!
!
!
!
interface Null0
no ip unreachables
!
interface FastEthernet0
switchport trunk native vlan 2
shutdown
!
!
interface FastEthernet1
shutdown
!
!
interface FastEthernet2
shutdown
!
!
interface FastEthernet3
shutdown
!
!
interface FastEthernet4
shutdown
!
!
interface FastEthernet5
shutdown
!
!
interface FastEthernet6
shutdown
!
!
interface FastEthernet7
switchport access vlan 2
switchport trunk native vlan 2
!
!
interface FastEthernet8
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip flow egress
shutdown
duplex auto
speed auto
!
!
interface GigabitEthernet0
description $ETH-WAN$$FW_OUTSIDE$
bandwidth 2048
ip address dhcp client-id GigabitEthernet0 hostname nostromo
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
service-policy output QoS
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-FE 1$$FW_INSIDE$
ip address 10.10.10.1 255.255.255.248
ip access-group 100 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip tcp adjust-mss 1452
!
!
interface Vlan2
description $FW_INSIDE$
ip address 10.1.1.1 255.255.255.0
ip access-group 103 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly
!
!
interface Async1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation slip
!
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip flow-top-talkers
top 10
sort-by bytes
!
ip nat inside source list 1 interface GigabitEthernet0 overload
!
ip access-list extended SDM_BOOTPC
remark CCP_ACL Category=0
permit udp any any eq bootpc
!
logging trap debugging
logging 10.1.1.253
access-list 1 remark INSIDE_IF=Vlan2
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 10.1.1.0 0.0.0.255
access-list 12 permit any
access-list 23 remark CCP_ACL Category=16
access-list 23 permit 10.1.1.0 0.0.0.255
access-list 23 permit 10.10.10.0 0.0.0.255
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 100 remark Auto generated by SDM Management Access feature
access-list 100 remark CCP_ACL Category=1
access-list 100 permit tcp 10.10.10.0 0.0.0.255 host 10.10.10.1 eq telnet
access-list 100 permit tcp 10.10.10.0 0.0.0.255 host 10.10.10.1 eq 22
access-list 100 permit tcp 10.10.10.0 0.0.0.255 host 10.10.10.1 eq www
access-list 100 permit tcp 10.10.10.0 0.0.0.255 host 10.10.10.1 eq 443
access-list 100 permit tcp 10.10.10.0 0.0.0.255 host 10.10.10.1 eq cmd
access-list 100 deny   tcp any host 10.10.10.1 eq telnet
access-list 100 deny   tcp any host 10.10.10.1 eq 22
access-list 100 deny   tcp any host 10.10.10.1 eq www
access-list 100 deny   tcp any host 10.10.10.1 eq 443
access-list 100 deny   tcp any host 10.10.10.1 eq cmd
access-list 100 deny   udp any host 10.10.10.1 eq snmp
access-list 100 permit ip any any
access-list 101 remark CCP_ACL Category=1
access-list 101 permit ip 10.1.1.0 0.0.0.255 any
access-list 101 permit ip 10.10.10.0 0.0.0.255 any
access-list 101 permit ip 10.10.10.0 0.0.0.7 any
access-list 102 remark CCP_ACL Category=1
access-list 102 permit ip 10.1.1.0 0.0.0.255 any
access-list 102 permit ip 10.10.10.0 0.0.0.255 any
access-list 102 permit ip 10.10.10.0 0.0.0.7 any
access-list 103 remark Auto generated by SDM Management Access feature
access-list 103 remark CCP_ACL Category=1
access-list 103 permit tcp 10.1.1.0 0.0.0.255 host 10.1.1.1 eq telnet
access-list 103 permit tcp 10.1.1.0 0.0.0.255 host 10.1.1.1 eq 22
access-list 103 permit tcp 10.1.1.0 0.0.0.255 host 10.1.1.1 eq www
access-list 103 permit tcp 10.1.1.0 0.0.0.255 host 10.1.1.1 eq 443
access-list 103 permit tcp 10.1.1.0 0.0.0.255 host 10.1.1.1 eq cmd
access-list 103 permit tcp any any eq 1723
access-list 103 remark GRE
access-list 103 permit gre any any
access-list 103 permit udp any any eq isakmp
access-list 103 deny   udp any any eq 427
access-list 103 deny   tcp any host 10.1.1.1 eq telnet
access-list 103 deny   tcp any host 10.1.1.1 eq 22
access-list 103 deny   tcp any host 10.1.1.1 eq www
access-list 103 deny   tcp any host 10.1.1.1 eq 443
access-list 103 deny   tcp any host 10.1.1.1 eq cmd
access-list 103 deny   udp any host 10.1.1.1 eq snmp
access-list 103 permit ip any any
no cdp run

Re: Cisco 892 + PPTP clients

Leo Laohoo — Tue, 08 Mar 2011 03:38:58 GMT

HI Charles-Antoine,

Please refrain from making multiple posts of the same issue.

topic Re: Cisco 892 + PPTP clients in Network Security

Cisco 892 + PPTP clients

Re: Cisco 892 + PPTP clients