Allow VPN through Cisco ADSL 800 router

willemvwyk
Level 1

Hi

I have a problem where I need to allow a VPN connection on port 1723 on a Cisco 800 series ADSL router.

I have put in an ACL to permit TCP on port 1723.

The statements look like this:

permit tcp host 202.x.x.124 any eq 1723
permit tcp any host 202.x.x.124 eq 1723

However this does not solve the problem. I can ping and trace to the above IP fine, but cannot connect using my VPN.

The rest of the router's ACL configuration looks like this:

crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp keepalive 30 10
crypto isakmp nat keepalive 30
!
crypto isakmp client configuration group remoteuser
 key R0bertsR3eves
 dns 192.168.0.1
 domain davidrookelaw.co.nz
 pool clientPOOL
 acl acl-SplitTunnel1
!
!
crypto ipsec transform-set 3DES-MD5 esp-3des esp-md5-hmac
!
crypto dynamic-map outsidemap_dyn 10
 set transform-set 3DES-MD5
!
!
crypto map outsidemap client authentication list vpn-radius
crypto map outsidemap isakmp authorization list groupauthor
crypto map outsidemap client configuration address respond
crypto map outsidemap 65535 ipsec-isakmp dynamic outsidemap_dyn
!
!
ip access-list extended acl-SplitTunnel1
 permit ip 192.168.0.0 0.0.0.255 any
access-list 100 deny ip 192.168.0.0 0.0.0.255 172.22.100.0 0.0.0.255
access-list 100 permit ip 192.168.0.0 0.0.0.255 any
access-list 110 remark VPN
access-list 110 permit esp any any
access-list 110 permit udp any any eq isakmp
access-list 110 permit udp any any eq non500-isakmp
access-list 110 remark VPN
access-list 110 remark Anti-Spoofing
access-list 110 remark Allow NTP
access-list 110 remark Allow services
access-list 110 remark Allow some ICMP
access-list 110 remark Allow Maclean
access-list 110 permit ip 172.22.100.0 0.0.0.255 any
access-list 110 permit udp host 202.27.184.3 eq domain any
access-list 110 remark Anti-Spoofing
access-list 110 deny ip 192.168.0.0 0.0.255.255 any
access-list 110 deny ip 127.0.0.0 0.255.255.255 any
access-list 110 deny ip 10.0.0.0 0.255.255.255 any
access-list 110 deny ip 172.16.0.0 0.15.255.255 any
access-list 110 deny ip 224.0.0.0 15.255.255.255 any
access-list 110 deny icmp any any redirect
access-list 110 deny ip host 0.0.0.0 any
access-list 110 deny ip any host 255.255.255.255
access-list 110 remark Allow NTP
access-list 110 permit udp host 131.203.16.6 any eq ntp
access-list 110 remark Allow services
access-list 110 permit tcp any any eq smtp
access-list 110 remark Allow some ICMP
access-list 110 permit icmp any any unreachable
access-list 110 permit icmp any any echo-reply
access-list 110 permit icmp any any packet-too-big
access-list 110 permit icmp any any time-exceeded
access-list 110 permit icmp any any traceroute
access-list 110 permit icmp any any administratively-prohibited
access-list 110 remark Allow Maclean
access-list 110 permit ip host 210.54.118.202 any
access-list 110 permit ip host 202.180.113.9 any
access-list 110 deny ip any any log
access-list 120 remark Anti-Worm
access-list 120 deny tcp any any eq 445 log
access-list 120 remark Anti-Worm
access-list 120 deny tcp any any eq 135 log
access-list 120 permit tcp host 192.168.0.10 any eq smtp
access-list 120 deny tcp any any eq smtp log
access-list 120 permit ip any any
dialer-list 1 protocol ip permit
no cdp run
!

Thanks

willemvw


sdoremus33
Level 3

Have you run a tcpdump from the source to the Cisco 800? What else is in your environment?

1. Run a telnet session to the Cisco 800 from the workstation
2. Then run a capture on the packets

Ex:

1. Create an ACL
2. Run tcpdump name ACL name

Ex: tcpdump testcap. HTH

a.alekseev
Level 7

It's not clear from where to where you need to permit PPTP.

But in any case PPTP uses GRE.

So you have to permit GRE also:

permit gre host 202.x.x.124 any
permit gre any host 202.x.x.124
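The following is an added example, not code from the post, from either reply, or from Cisco. It is a small evaluator for the numbered extended ACL syntax used in this thread, and it walks the two flows a PPTP client sends to the router through a trimmed copy of the poster's ACL 110: the TCP/1723 control connection and the GRE tunnel that the second reply points out. It also models where new entries land, because entries typed as `access-list 110 ...` are appended after the existing `deny ip any any log` and are never reached. The addresses 192.0.2.124 (router) and 198.51.100.7 (client) are stand-ins, since the post only shows 202.x.x.124; the sample ACL text, `with_gre` and `pptp_verdicts` are constructed for the example.

```python
"""Evaluate Cisco IOS numbered extended ACL entries against a flow, first match wins.

Added example (not from the post). Covers the syntax used in the thread:
  access-list N permit|deny PROTO SRC [eq PORT] DST [eq PORT] [qualifiers]
with 'any', 'host A.B.C.D' and 'A.B.C.D WILDCARD' addresses. 'remark' lines
are skipped; ICMP type keywords and 'log' are accepted but not modelled.
"""
import ipaddress
from collections import namedtuple

Rule = namedtuple("Rule", "action proto src sport dst dport")   # proto "ip" = any
PORT_NAMES = {"isakmp": 500, "non500-isakmp": 4500, "smtp": 25, "domain": 53,
              "ntp": 123, "pptp": 1723}   # IOS service names used on the page


def _network(tokens):
    """Consume 'any' | 'host A.B.C.D' | 'A.B.C.D WILDCARD' from the token list."""
    tok = tokens.pop(0)
    if tok == "any":
        return ipaddress.IPv4Network("0.0.0.0/0")
    if tok == "host":
        return ipaddress.IPv4Network(tokens.pop(0) + "/32")
    wildcard = int(ipaddress.IPv4Address(tokens.pop(0)))
    if wildcard & (wildcard + 1):              # must look like 0...01...1
        raise ValueError("non-contiguous wildcard mask not supported")
    return ipaddress.IPv4Network((tok, 32 - wildcard.bit_length()), strict=False)


def _port(tokens):
    """Consume an optional 'eq PORT' qualifier; None when absent."""
    if tokens and tokens[0] == "eq":
        tokens.pop(0)
        tok = tokens.pop(0)
        return int(tok) if tok.isdigit() else PORT_NAMES[tok]
    return None


def parse_acl(config, number):
    """Entries of access-list NUMBER, in configuration order."""
    rules = []
    for line in config.splitlines():
        t = line.split()
        if t[:2] != ["access-list", str(number)] or t[2] == "remark":
            continue
        rest = t[4:]
        src, sport = _network(rest), _port(rest)   # evaluated left to right
        dst, dport = _network(rest), _port(rest)
        rules.append(Rule(t[2], t[3], src, sport, dst, dport))
    return rules


def evaluate(rules, proto, src, dst, sport=None, dport=None):
    """First matching entry decides; an IOS ACL ends in an implicit deny."""
    src, dst = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    for r in rules:
        if (r.proto in ("ip", proto) and src in r.src and dst in r.dst
                and r.sport in (None, sport) and r.dport in (None, dport)):
            return r.action
    return "deny"


# Constructed sample: the inbound ACL from the post, trimmed, plus the two
# TCP/1723 entries the poster added. 192.0.2.124 stands in for the router's
# public address (shown as 202.x.x.124 in the post); 198.51.100.7 is the client.
SAMPLE_CONFIG = """\
access-list 110 permit tcp host 192.0.2.124 any eq 1723
access-list 110 permit tcp any host 192.0.2.124 eq 1723
access-list 110 permit esp any any
access-list 110 permit udp any any eq isakmp
access-list 110 permit udp any any eq non500-isakmp
access-list 110 remark Anti-Spoofing
access-list 110 deny ip 192.168.0.0 0.0.255.255 any
access-list 110 permit icmp any any echo-reply
access-list 110 deny ip any any log
"""
GRE_LINES = ["access-list 110 permit gre any host 192.0.2.124",
             "access-list 110 permit gre host 192.0.2.124 any"]
FINAL_DENY = "access-list 110 deny ip any any log"


def with_gre(config, before_final_deny=True):
    """Add the GRE entries ahead of the final deny, or (wrongly) after it."""
    lines = config.splitlines()
    i = lines.index(FINAL_DENY) if before_final_deny else len(lines)
    return "\n".join(lines[:i] + GRE_LINES + lines[i:]) + "\n"


def pptp_verdicts(config, client="198.51.100.7", router="192.0.2.124"):
    """Verdicts for the two inbound flows a PPTP client needs: TCP/1723 and GRE."""
    rules = parse_acl(config, 110)
    return {"tcp/1723": evaluate(rules, "tcp", client, router, 49152, 1723),
            "gre": evaluate(rules, "gre", client, router)}
```

Running `pptp_verdicts(SAMPLE_CONFIG)` gives `permit` for TCP/1723 and `deny` for GRE, which matches the symptom in the post (the control port is open, the tunnel never comes up). `with_gre(SAMPLE_CONFIG, before_final_deny=False)` still denies GRE, because the new entries sit below `deny ip any any log`; only `with_gre(SAMPLE_CONFIG)` yields `permit` for both. On the router, `show access-lists 110` shows entry order and per-entry hit counts, which is the quickest way to see which line a packet is actually hitting. The evaluator models only the syntax on this page (no port ranges, `established`, or ICMP type matching).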
