10-16-2013 12:15 PM - edited 03-04-2019 09:20 PM
We are not able to connect to our Servers using Microsoft Remote Desktop from wan side. The Configuration of the router is:
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Branch
!
boot-start-marker
boot-end-marker
!
!
enable secret 4
!
no aaa new-model
!
no ipv6 cef
ip source-route
ip cef
!
!
!
!
!
ip name-server ips1dns1
ip name-server ips1dns2
ip name-server isp2dns1
ip name-server isp2dns2
multilink bundle-name authenticated
!
vpdn enable
!
vpdn-template 1
!
vpdn-group 1
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
l2tp tunnel timeout no-session 15
!
!
crypto pki token default removal timeout 0
!
!
!
!
username vpn password vpn
interface Tunnel1
description VPN To Head-Office
ip address
tunnel source
tunnel destination
!
interface Tunnel2
description VPN 2 To Head-Office
ip address
shutdown
tunnel source
tunnel destination
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description WAN
ip address wan ip
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
description LAN
ip address lan ip
ip nat inside
ip virtual-reassembly in
ip policy route-map ICC
duplex auto
speed auto
!
interface GigabitEthernet0/2
description WAN BACKUP
ip address wan ip
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Virtual-Template1
ip unnumbered GigabitEthernet0/1
peer default ip address pool vpn
no keepalive
ip local pool vpn startip endip
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat pool ovrld wanip wanip prefix-length 30
ip nat inside source list 102 pool ovrld overload
ip nat inside source static tcp server ip 3389 interface GigabitEthernet0/0 3
389
ip route 0.0.0.0 0.0.0.0 wan ip
ip route h.o lan network ip Tunnel1
ip route h.o wan ip for server Tunnel1
!
access-list 102 permit ip host server1 any
access-list 102 permit ip host server2 any
!
route-map branch permit 10
match ip address 108
set ip default next-hop wan 2 ip
!
!
!
control-plane
!
!
!
line con 0
password 7
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password 7
login
transport input all
!
scheduler allocate 20000 1000
end
Any Suggestions?
Thanks.
10-16-2013 01:49 PM
Everything looks okay. Can your servers ping a host on the WAN? What does "show ip nat tran" say?
Is the host that you're trying to connect from in the HO LAN or WAN?
Sachin
10-16-2013 05:38 PM
Hi!
From H.O it is working but outside of vpn not working. I need to connect to the server from outside using the public IP.
Thanks.
10-16-2013 05:54 PM
If that works then it probably means that the default gateway on the server is set correctly. Your static NAT appears fine. And I assume that you configured the correct IPs and are connecting to the correct internet IP.
Did you do any debugs or captures on the outside interface?
Also, what does the route-map ICC on the LAN interface do?
Sachin
10-18-2013 06:16 AM
It is from the ISP.
Thanks.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide