Re: 806 Router - Need to be able to connect to Win XP workstatio

masmith22 · ‎08-29-2002

I current have the 806 connect to my ISP (Comcast Cable). I am not able to connect to my company network using the Nortel VPN client. I receive banner check error. Nortel was not able to resolve the problem. My job tech support was not able to help. I also would like to be able to connect to my home workstation running WinXP. Thanking you in advance for the help

Route IOS version - c806-k9osy6-mz.122-11.t.bin

Configuration:

!

version 12.2

no parser cache

no service pad

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname xxxx

!

enable secret

!

username xxxx privilege 15 password 7

ip subnet-zero

ip name-server 68.39.224.5

ip name-server 68.39.224.6

ip dhcp excluded-address 10.10.10.1

ip dhcp excluded-address 68.37.x.x 68.37.x.x

!

ip dhcp pool client

network 10.10.10.0 255.255.255.0

dns-server 68.39.x.x 68.39.x.x

domain-name comcast.net

default-router 10.10.10.1

lease infinite

!

ip inspect name myfw cuseeme timeout 3600

ip inspect name myfw ftp timeout 3600

ip inspect name myfw http timeout 3600

ip inspect name myfw rcmd timeout 3600

ip inspect name myfw realaudio timeout 3600

ip inspect name myfw smtp timeout 3600

ip inspect name myfw tftp timeout 30

ip inspect name myfw udp timeout 15

ip inspect name myfw tcp timeout 3600

ip inspect name myfw h323 timeout 3600

!

partition flash 2 6 2

!

interface Loopback0

ip address 10.1.1.1 255.255.255.255

!

interface Ethernet0

ip address 10.10.10.1 255.255.255.0

ip nat inside

no cdp enable

hold-queue 32 in

hold-queue 100 out

!

interface Ethernet1

mac-address 0002.1764.73b9

ip address dhcp client-id Ethernet1

ip access-group 111 in

ip nat outside

ip inspect myfw out

no keepalive

no cdp enable

!

ip nat inside source list 102 interface Ethernet1 overload

ip classless

ip http server

ip pim bidir-enable

!

access-list 102 permit ip 10.10.10.0 0.0.0.255 any

access-list 111 permit icmp any any administratively-prohibited

access-list 111 permit icmp any any packet-too-big

access-list 111 permit icmp any any time-exceeded

access-list 111 permit icmp any any traceroute

access-list 111 permit icmp any any unreachable

access-list 111 permit udp any eq bootps any eq bootpc

access-list 111 permit udp any eq bootps any eq bootps

access-list 111 permit udp any eq domain any

access-list 111 permit udp any any eq isakmp

access-list 111 permit tcp any any eq telnet

access-list 111 permit tcp any any gt 1023 established

access-list 111 permit tcp any any eq 6699

access-list 111 permit udp any any eq 6257

access-list 111 permit tcp any any eq 6346 established

access-list 111 permit ahp any any

access-list 111 permit esp any any

access-list 111 deny icmp any any echo-reply

no cdp run

!

line con 0

exec-timeout 120 0

password 7

logging synchronous

login

stopbits 1

line vty 0 4

exec-timeout 120 0

password 7

login

length 0

!

scheduler max-task-time 5000

end

paqiu · ‎08-29-2002

Hi,

The 806 router doing PAT for your inside home network.

Please make sure that "Nortel VPN client" support "nat transparency mode".

Cisco VPN client supports "IPSEC over UDP" and "IPSEC over TCP" to pass trough the PAT equipment.

I am not sure about Nortel VPN client. Please check with them about that.

Best Regards,

Paul Qiu

masmith22 · ‎08-30-2002

Can you help me with the ISO commands to configure my router to allow me to be to login to my Win XP workstation?

Thanking you in advance fror your help

806 Router - Need to be able to connect to Win XP workstation in home offic