cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
620
Views
0
Helpful
5
Replies

Cisco 2811 problem opening port 1723

This is my situation i have a 2811 router that i am using as my main router, and i also have a cisco RV325 router i am using for my PPTP VPN.  My 2811 is router on a stick with vlans 1 3 and 5. (I will post my running config). What i am trying to do is open port 1723 and GRE but nothing i do will work. I current have SSH open with no problems. Please take a look below and tell me what I am missing or doing wrong.

My RV325 PPTP router IP is 192.168.2.9

Here is my running config. 

Router_A#show run
Building configuration...

Current configuration : 2550 bytes
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router_A
!
boot-start-marker
boot-end-marker
!
!
enable password -------
!
aaa new-model
!
!
!
!
!
!
!
aaa session-id common
!
no network-clock-participate wic 0
!
dot11 syslog
ip source-route
!
!
ip cef
ip dhcp excluded-address 192.168.4.15 192.168.4.254
ip dhcp excluded-address 192.168.2.2 192.168.2.99
!
ip dhcp pool Main
 network 192.168.2.0 255.255.255.0
 dns-server 192.168.2.1 71.10.216.1 71.10.216.2 192.168.2.4
 default-router 192.168.2.1
!
ip dhcp pool FBI 2
 network 192.168.4.0 255.255.255.0
 default-router 192.168.4.1
 dns-server 71.10.216.1 71.10.216.2 192.168.4.1
!
ip dhcp pool Cameras
 network 192.168.3.0 255.255.255.0
 default-router 192.168.3.1
 dns-server 192.168.3.1 71.210.16.1 71.210.16.2
!
!
!
ip domain name rtp.cisco.com
!
multilink bundle-name authenticated
!
!
crypto pki token default removal timeout 0
!
!
!
!
license udi pid CISCO2811 sn FTX1212A4A1
username ------ password 0 --------
!
redundancy
!
!
controller T1 0/0/0
!
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 2
!
!
!
!
!
!
!
interface FastEthernet0/0
 ip address dhcp
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface FastEthernet0/1.1
 encapsulation dot1Q 1 native
 ip address 192.168.2.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface FastEthernet0/1.3
 encapsulation dot1Q 3
 ip address 192.168.3.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface FastEthernet0/1.5
 encapsulation dot1Q 5
 ip address 192.168.4.1 255.255.255.240
 ip nat inside
 ip virtual-reassembly in
!
router rip
 network 192.168.2.0
 network 192.168.3.0
 network 192.168.4.0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 101 interface FastEthernet0/0 overload

ip nat inside source static tcp 192.168.2.9 1723 interface FastEthernet0/0 1723
!
access-list 101 permit ip 192.168.2.0 0.0.0.255 any
access-list 101 permit ip 192.168.3.0 0.0.0.255 any
access-list 101 permit ip 192.168.4.0 0.0.0.255 any
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 permit 23 0.0.0.0 255.255.255.0 any
access-list 101 permit tcp any eq 1723 any
!
!
!
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
 password --------
 transport input ssh
!
scheduler allocate 20000 1000
end

Router_A#

5 Replies 5

Georg Pauwen
VIP Master VIP Master
VIP Master

Hello,

 

what do you want t accomplish ? To allow PPTP ?

 

Your config looks good, try and change your access list and corresponding NAT as below:

 

ip nat inside source list 1 interface FastEthernet0/0 overload

 

access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 1 permit 192.168.3.0 0.0.0.255
access-list 1 permit 192.168.4.0 0.0.0.255

I am trying to allow pptp traffic to go to my rv325 router (192.168.2.9 IP
address). I know my VPN is working because I can use it locally but when
remote it won't connect. When I do a port scan on my public IP it comes
back as filtered instead of closed. I will apply the command and post back
with results

Hello,

 

where is the PPTP traffic originating ?

>From my rv325 Cisco router the IP address is 192.168.2.9 (static assigned)

Ok so I tried the configuration you suggested and it made no difference.
Port still shows up as filtered on mxtoolbox.
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers