2621 config for allowing PPTP to a RAS server *URGENT*

rbmclean · ‎06-15-2005

I need assisnatce in setting up a 2621 to allow only TCP 1723 and GRE 47 (MS VPN ports) to pass through to a specific internal server.

I have 1 static ip for the 2621 router.

I have set it up on fe0/0

fe0/1 is set up as 192.168.2.1

The RAS server is 192.168.2.2

How do I set up port forwarding or whatever to allow the 2 portocols and only them to be forwarded through to the RAS server?

Do I do ststic NAT mappings?

Thanks

Robert

sh ver

Cisco Internetwork Operating System Software

IOS (tm) C2600 Software (C2600-IK8S-M), Version 12.2(11)T8, RELEASE SOFTWARE (f

c1)

Compiled Fri 28-Mar-03 18:31 by hqluong

Image text-base: 0x8000809C, data-base: 0x817E3CB4

ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)

ROUTER uptime is 16 minutes

System returned to ROM by reload at 00:08:29 DST Thu Jun 16 2005

System image file is "flash:10.0.0.125"

cisco 2621 (MPC860) processor (revision 0x102) with 56320K/9216K bytes of memory

.

Processor board ID JAB041709QS (2773658736)

M860 processor: part number 0, mask 49

Bridging software.

X.25 software, Version 3.0.0.

2 FastEthernet/IEEE 802.3 interface(s)

32K bytes of non-volatile configuration memory.

16384K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102

Georg Pauwen · ‎06-16-2005

Hello,

I am thinking you could just configure an access list allowing only those two ports to access the RAS server:

access-list 101 permit tcp any host 192.168.2.2 eq 1723

access-list 101 permit 47 any host 192.168.2.2

access-list 101 deny ip any host 192.168.2.2

access-list 101 permit ip any any

Could you try and see if that works for you ?

Regards,

GP