
Cisco 2811 problem opening port 1723

This is my situation: I have a 2811 router that I am using as my main router, and I also have a Cisco RV325 router I am using for my PPTP VPN. My 2811 is a router on a stick with VLANs 1, 3 and 5. (I will post my running config.) What I am trying to do is open port 1723 and GRE, but nothing I do will work. I currently have SSH open with no problems. Please take a look below and tell me what I am missing or doing wrong.

My RV325 PPTP router IP is 192.168.2.9

Here is my running config. 

Router_A#show run
Building configuration...

Current configuration : 2550 bytes
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router_A
!
boot-start-marker
boot-end-marker
!
!
enable password -------
!
aaa new-model
!
!
!
!
!
!
!
aaa session-id common
!
no network-clock-participate wic 0
!
dot11 syslog
ip source-route
!
!
ip cef
ip dhcp excluded-address 192.168.4.15 192.168.4.254
ip dhcp excluded-address 192.168.2.2 192.168.2.99
!
ip dhcp pool Main
 network 192.168.2.0 255.255.255.0
 dns-server 192.168.2.1 71.10.216.1 71.10.216.2 192.168.2.4
 default-router 192.168.2.1
!
ip dhcp pool FBI 2
 network 192.168.4.0 255.255.255.0
 default-router 192.168.4.1
 dns-server 71.10.216.1 71.10.216.2 192.168.4.1
!
ip dhcp pool Cameras
 network 192.168.3.0 255.255.255.0
 default-router 192.168.3.1
 dns-server 192.168.3.1 71.210.16.1 71.210.16.2
!
!
!
ip domain name rtp.cisco.com
!
multilink bundle-name authenticated
!
!
crypto pki token default removal timeout 0
!
!
!
!
license udi pid CISCO2811 sn FTX1212A4A1
username ------ password 0 --------
!
redundancy
!
!
controller T1 0/0/0
!
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 2
!
!
!
!
!
!
!
interface FastEthernet0/0
 ip address dhcp
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface FastEthernet0/1.1
 encapsulation dot1Q 1 native
 ip address 192.168.2.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface FastEthernet0/1.3
 encapsulation dot1Q 3
 ip address 192.168.3.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface FastEthernet0/1.5
 encapsulation dot1Q 5
 ip address 192.168.4.1 255.255.255.240
 ip nat inside
 ip virtual-reassembly in
!
router rip
 network 192.168.2.0
 network 192.168.3.0
 network 192.168.4.0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 101 interface FastEthernet0/0 overload

ip nat inside source static tcp 192.168.2.9 1723 interface FastEthernet0/0 1723
!
access-list 101 permit ip 192.168.2.0 0.0.0.255 any
access-list 101 permit ip 192.168.3.0 0.0.0.255 any
access-list 101 permit ip 192.168.4.0 0.0.0.255 any
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 permit 23 0.0.0.0 255.255.255.0 any
access-list 101 permit tcp any eq 1723 any
!
!
!
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
 password --------
 transport input ssh
!
scheduler allocate 20000 1000
end

Router_A#
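
An added example (not part of the original post, and not Cisco tooling): a small Python check that reads the NAT-relevant lines of a running config like the one above and reports, for each static port forward, whether its interface is marked `ip nat outside` and whether an inbound `ip access-group` is applied there, plus any lines that name GRE. The sample text is a constructed excerpt of the posted config, and the function names are hypothetical.

```python
import re

# Constructed excerpt: NAT-relevant lines copied from the running config in the post.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address dhcp
 ip nat outside
!
ip nat inside source list 101 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.2.9 1723 interface FastEthernet0/0 1723
access-list 101 permit ip 192.168.2.0 0.0.0.255 any
access-list 101 permit tcp any eq 1723 any
"""

STATIC_RE = re.compile(
    r"ip nat inside source static (tcp|udp) (\S+) (\d+) interface (\S+) (\d+)$")

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from indented config blocks."""
    ifaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            ifaces[current] = []
        elif line.startswith(" ") and current:
            ifaces[current].append(line.strip())
        else:
            current = None  # "!" or a global command ends the block
    return ifaces

def audit_static_forwards(config):
    """One record per static port forward, with facts about its outside interface."""
    ifaces, report = parse_interfaces(config), []
    for m in filter(None, (STATIC_RE.match(ln.strip()) for ln in config.splitlines())):
        proto, host, in_port, iface, out_port = m.groups()
        cmds = ifaces.get(iface, [])
        acl = [c.split()[2] for c in cmds if re.match(r"ip access-group \S+ in$", c)]
        report.append({"proto": proto, "inside": f"{host}:{in_port}",
                       "outside": f"{iface}:{out_port}",
                       "nat_outside": "ip nat outside" in cmds,
                       "inbound_acl": acl[0] if acl else None})
    return report

def lines_naming_gre(config):
    """Config lines that mention GRE by keyword (empty list: no line names it)."""
    return [ln.strip() for ln in config.splitlines() if "gre" in ln.lower().split()]

print(audit_static_forwards(SAMPLE_CONFIG), lines_naming_gre(SAMPLE_CONFIG))
```
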

5 Replies

Hello,

 

What do you want to accomplish? To allow PPTP?

 

Your config looks good, try and change your access list and corresponding NAT as below:

 

ip nat inside source list 1 interface FastEthernet0/0 overload

 

access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 1 permit 192.168.3.0 0.0.0.255
access-list 1 permit 192.168.4.0 0.0.0.255

I am trying to allow PPTP traffic to go to my RV325 router (192.168.2.9 IP
address). I know my VPN is working because I can use it locally, but when
remote it won't connect. When I do a port scan on my public IP it comes
back as filtered instead of closed. I will apply the command and post back
with results.

Hello,

 

Where is the PPTP traffic originating?

From my RV325 Cisco router; the IP address is 192.168.2.9 (static assigned)

Ok so I tried the configuration you suggested and it made no difference.
Port still shows up as filtered on mxtoolbox.