12-24-2017 08:56 PM - edited 03-05-2019 09:41 AM
This is my situation: I have a 2811 router that I am using as my main router, and I also have a Cisco RV325 router I am using for my PPTP VPN. My 2811 is a router on a stick with VLANs 1, 3 and 5 (I will post my running config). What I am trying to do is open port 1723 and GRE, but nothing I do will work. I currently have SSH open with no problems. Please take a look below and tell me what I am missing or doing wrong.
My RV325 PPTP router IP is 192.168.2.9
Here is my running config.
Router_A#show run
Building configuration...
Current configuration : 2550 bytes
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router_A
!
boot-start-marker
boot-end-marker
!
!
enable password -------
!
aaa new-model
!
!
!
!
!
!
!
aaa session-id common
!
no network-clock-participate wic 0
!
dot11 syslog
ip source-route
!
!
ip cef
ip dhcp excluded-address 192.168.4.15 192.168.4.254
ip dhcp excluded-address 192.168.2.2 192.168.2.99
!
ip dhcp pool Main
network 192.168.2.0 255.255.255.0
dns-server 192.168.2.1 71.10.216.1 71.10.216.2 192.168.2.4
default-router 192.168.2.1
!
ip dhcp pool FBI 2
network 192.168.4.0 255.255.255.0
default-router 192.168.4.1
dns-server 71.10.216.1 71.10.216.2 192.168.4.1
!
ip dhcp pool Cameras
network 192.168.3.0 255.255.255.0
default-router 192.168.3.1
dns-server 192.168.3.1 71.210.16.1 71.210.16.2
!
!
!
ip domain name rtp.cisco.com
!
multilink bundle-name authenticated
!
!
crypto pki token default removal timeout 0
!
!
!
!
license udi pid CISCO2811 sn FTX1212A4A1
username ------ password 0 --------
!
redundancy
!
!
controller T1 0/0/0
!
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 2
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface FastEthernet0/1.1
encapsulation dot1Q 1 native
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface FastEthernet0/1.3
encapsulation dot1Q 3
ip address 192.168.3.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface FastEthernet0/1.5
encapsulation dot1Q 5
ip address 192.168.4.1 255.255.255.240
ip nat inside
ip virtual-reassembly in
!
router rip
network 192.168.2.0
network 192.168.3.0
network 192.168.4.0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 101 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.2.9 1723 interface FastEthernet0/0 1723
!
access-list 101 permit ip 192.168.2.0 0.0.0.255 any
access-list 101 permit ip 192.168.3.0 0.0.0.255 any
access-list 101 permit ip 192.168.4.0 0.0.0.255 any
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 permit 23 0.0.0.0 255.255.255.0 any
access-list 101 permit tcp any eq 1723 any
!
!
!
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
password --------
transport input ssh
!
scheduler allocate 20000 1000
end
Router_A#
12-25-2017 08:55 AM
Hello,
What do you want to accomplish? To allow PPTP?
Your config looks good, try and change your access list and corresponding NAT as below:
ip nat inside source list 1 interface FastEthernet0/0 overload
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 1 permit 192.168.3.0 0.0.0.255
access-list 1 permit 192.168.4.0 0.0.0.255
12-25-2017 01:14 PM
12-25-2017 01:28 PM
Hello,
Where is the PPTP traffic originating?
12-25-2017 02:24 PM
12-28-2017 06:04 AM