07-28-2003 09:17 AM - edited 03-02-2019 09:10 AM
I have an 804 ISDN router running NAT for a small remote office. The clients connect to our W2K servers via standard W2K VPN client.
My router will not allow this traffic and I'm unsure how or if I can set up an access-list to allow VPN traffic. W2K VPN is PPTP.
I know it's the router because at a different location I disabled NAT, threw a Linux firewall up and it worked. Unfortunately, with only one static IP at this location I cannot add a firewall.
Thanks for any help!!!
07-30-2003 12:21 AM
Are you using dynamic NAT? If you are, then change it to static NAT.
07-30-2003 05:16 AM
Well, here is my cfg. Would I change the NAT line from Dialer1 to:
ip nat inside source list 1 interface Ethernet0 overload
???
Thanks!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname router
!
pots country US
ip subnet-zero
ip dhcp excluded-address 10.4.4.20 10.4.4.50
!
ip dhcp pool 1
 network 10.4.4.0 255.255.255.0
 default-router 10.4.4.1
 dns-server 1.2.3.4
!
no ip domain-lookup
isdn switch-type basic-ni
!
!
!
interface Ethernet0
 description connected to EthernetLAN
 ip address 10.4.4.1 255.255.255.0
 no ip directed-broadcast
 ip nat inside
!
interface BRI0
 description connected to Internet
 no ip address
 no ip directed-broadcast
 ip nat outside
 encapsulation ppp
 dialer rotary-group 1
 isdn switch-type basic-ni
 isdn spid1 1234
 isdn spid2 1235
 no cdp enable
!
interface Dialer1
 description connected to Internet
 ip address 1.2.5.6 255.255.255.0
 no ip directed-broadcast
 ip nat outside
 encapsulation ppp
 no ip split-horizon
 dialer in-band
 dialer string 1234567890
 dialer string 1234567890
 dialer hold-queue 10
 dialer-group 1
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname usr
 ppp chap password 7 *
 ppp pap sent-username usr password 7 *
 ppp multilink
!
router rip
 version 2
 passive-interface Dialer1
 network 10.0.0.0
 no auto-summary
!
ip nat inside source list 1 interface Dialer1 overload
no ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
access-list 1 permit 10.4.4.0 0.0.0.255
dialer-list 1 protocol ip permit
!
line con 0
 exec-timeout 0 0
 password 7 *
 login
 transport input none
 stopbits 1
line vty 0 4
 password 7 *
 login
!
end