Re: Allowing vpn connection out to extranet

dburgess.adliteuk · ‎08-26-2011

Hello

I'm hoping someone can offer some good advice to this problem I'm having. We have a cisco 2800 router and are now required to allow users to be able to connect to another company's extranet. Having tried this it wont allow this connection so I have added this to the access-list 101

access-list 101 remark SDM_ACL Category=0

access-list 101 permit ip any host 192.168.0.246

access-list 101 permit ip any host 192.168.0.247

access-list 101 permit ip any host 192.168.0.47

access-list 101 permit tcp any any eq 1723

access-list 101 permit gre any any

I dont think the gre is being allowed back in. I have attached a cut down copy of the config to see if anyone can assist. I have just general experience of cisco routers and not cisco qualified. Any assistance will be greatly appreciated.

Edison Ortiz · ‎08-26-2011

I don't see any crytpo configuration anywhere. You need crypto configuration for an IPSec VPN.

Please refer to this document to get you started:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080194650.shtml

Regards,

Edison

dburgess.adliteuk · ‎09-01-2011

Thanks for your reply Edison its much appreciated I am attaching the full config file as I had chopped it down. If you get chance to have a look I would like to hear your opinion on the full config. Or if You can advise me how to troubleshoot where the VPN traffic is getting stopped and how I might be able to resolve this issue. Manky thanks in advance.