PPTP VPN to Pass NAT on Cisco 2921 Router

soni.sunil
Level 1

Hi,

I am struggling to get my PPTP traffic routed through NAT to reach the other server LAN segment. I am using a Cisco 2921 router as the PPTP server.

This Cisco 2921 router is working as the PPTP server and is also doing NAT to reach the server LAN segment (LAN-B).

My problem is that after the PPTP connection establishes I cannot reach any of the LAN segments. After connecting over PPTP I can browse the Internet without any issue, but none of the LAN elements are reachable. Please have a look at the 2921 router configuration I am posting and suggest something; I have also attached the network setup for better understanding. Just to update: clients in LAN-A can access the Internet as well as the servers (LAN-B).

aaa new-model
!
aaa authentication ppp default local
!
aaa session-id common
clock timezone GMT 4 0
!
no ipv6 cef
no ip source-route
ip cef
!
ip multicast-routing
ip dhcp excluded-address 10.10.10.1 10.10.10.20
ip dhcp excluded-address 60.60.30.25 60.60.30.27
!
ip dhcp pool PUBLIC
 network 60.60.30.24 255.255.255.248
 dns-server 212.22.20.20 200.29.21.222
 default-router 60.60.30.25
!
ip dhcp pool PRIVATE
 network 10.10.10.0 255.255.255.0
 default-router 10.10.10.1
 dns-server 212.22.20.20 200.29.21.222
!
ip domain name a.b.c
multilink bundle-name authenticated
!
vpdn enable
!
vpdn-group PPTPVPN
 ! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 4
 l2tp tunnel timeout no-session 15
!
!
crypto pki token default removal timeout 0
!
username <> privilege 15 password 7 <>
!
ip tcp selective-ack
ip tcp path-mtu-discovery
ip ssh time-out 60
ip ssh authentication-retries 2
!
interface GigabitEthernet0/0
 description ***Connected to Internet WAN Link***
 ip address 80.80.80.78 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip flow egress
 ip nat outside
 ip virtual-reassembly in
 load-interval 30
 duplex auto
 speed auto
 no cdp enable
!
interface GigabitEthernet0/1
 description ***Connected to LAN-A Hosts***
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no ip route-cache cef
 load-interval 30
 duplex auto
 speed auto
!
interface GigabitEthernet0/1.10
 description ***Connected to LAN-A Hosts Providing Internet Without NAT***
 encapsulation dot1Q 10
 ip address 60.60.30.25 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/1.20
 description ***Connected to LAN-A Hosts Providing Internet Using NAT ***
 encapsulation dot1Q 20
 ip address 10.10.10.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly in
 no cdp enable
!
interface GigabitEthernet0/2
 description ***Connected to LAN-B Hosts***
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 load-interval 30
 duplex auto
 speed auto
!
interface GigabitEthernet0/2.100
 description ***Connected to LAN-B for Management of Servers***
 encapsulation dot1Q 100
 ip address 192.168.1.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly in
 no cdp enable
!
interface Virtual-Template4
 ip unnumbered GigabitEthernet0/1.10
 peer default ip address pool PPTP-POOL
 ppp authentication ms-chap ms-chap-v2
!
!
ip local pool PPTP-POOL 60.60.30.27 60.60.30.28
ip forward-protocol nd
!
no ip http server
ip http secure-server
!
ip nat inside source route-map NAT_TO_MGMT interface GigabitEthernet0/2.100 overload
ip nat inside source route-map NAT_TO_INTERNET interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 80.80.80.77
ip route 10.20.20.0 255.255.252.0 GigabitEthernet0/2.100 192.168.1.2
!
ip access-list extended VTY_Access
 permit tcp 10.10.10.0 0.0.0.255 any eq telnet
 permit tcp 10.10.10.0 0.0.0.255 any eq 22
 permit tcp 60.60.30.24 0.0.0.7 any eq telnet
 permit tcp 60.60.30.24 0.0.0.7 any eq 22
 deny   tcp any any
!
access-list 10 permit 10.10.10.0 0.0.0.255
access-list 10 permit 172.21.21.0 0.0.0.7
access-list 20 permit 10.10.10.0 0.0.0.255
access-list 20 permit 60.60.30.24 0.0.0.7
access-list 20 permit 172.21.21.0 0.0.0.7
!
route-map NAT_TO_MGMT permit 10
 match ip address 10
 match interface GigabitEthernet0/2.100
!
route-map NAT_TO_INTERNET permit 10
 match ip address 20
 match interface GigabitEthernet0/0
!
line vty 0 4
 access-class VTY_Access in
 transport preferred ssh
 transport input telnet ssh
 transport output all
!
end
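
As an added diagnostic (not part of the post above, and not Cisco tooling), the script below parses the lines of the configuration that decide whether a source gets translated and reports the two things IOS inside-source NAT needs before PPTP client traffic toward LAN-B can be translated: the interface the traffic enters on (Virtual-Template4) must carry 'ip nat inside', and every address in the client pool must be permitted by the ACL that the NAT route-map matches. FIXED is a hypothetical variant of the excerpt, used only to show the check passing; it is not a claim about what the poster should configure.

```python
import ipaddress
import re
# Constructed excerpt of the poster's configuration: only the lines the check consults.
CONFIG = """\
interface Virtual-Template4
 peer default ip address pool PPTP-POOL
ip local pool PPTP-POOL 60.60.30.27 60.60.30.28
access-list 10 permit 10.10.10.0 0.0.0.255
access-list 10 permit 172.21.21.0 0.0.0.7
route-map NAT_TO_MGMT permit 10
 match ip address 10
"""
# Hypothetical variant (not from the post) with the two additions the check looks for.
FIXED = (CONFIG.replace(" peer default", " ip nat inside\n peer default")
         + "access-list 10 permit 60.60.30.24 0.0.0.7\n")

def parse(text):
    """Collect interfaces, route-maps, local pools and standard ACLs from IOS text."""
    cfg = {"ifaces": {}, "rmaps": {}, "pools": {}, "acls": {}}
    block = None
    for line in text.splitlines():
        if line.startswith(" "):                 # sub-command of the open block
            if block is not None:
                block.add(line.strip())
            continue
        block = None                             # any top-level line closes a block
        if line.startswith(("interface ", "route-map ")):
            kind = "ifaces" if line.startswith("interface") else "rmaps"
            block = cfg[kind].setdefault(line.split()[1], set())
        elif m := re.match(r"ip local pool (\S+) ([\d.]+) ([\d.]+)", line):
            cfg["pools"][m[1]] = (ipaddress.ip_address(m[2]), ipaddress.ip_address(m[3]))
        elif m := re.match(r"access-list (\d+) permit ([\d.]+) ([\d.]+)", line):
            # ipaddress accepts the IOS wildcard mask directly as a host mask
            cfg["acls"].setdefault(m[1], []).append(ipaddress.ip_network(f"{m[2]}/{m[3]}"))
    return cfg

def nat_gaps(cfg, iface, pool, rmap):
    """List what stops traffic from `pool`, entering via `iface`, being NATed by `rmap`."""
    gaps = []
    if "ip nat inside" not in cfg["ifaces"].get(iface, set()):
        gaps.append(f"{iface} has no 'ip nat inside'")
    acls = [a for l in cfg["rmaps"].get(rmap, ())
            if l.startswith("match ip address") for a in l.split()[3:]]
    nets = [n for a in acls for n in cfg["acls"].get(a, [])]
    first, last = cfg["pools"][pool]
    for ip in (ipaddress.ip_address(i) for i in range(int(first), int(last) + 1)):
        if not any(ip in n for n in nets):
            gaps.append(f"{ip} from {pool} is permitted by none of {rmap}'s ACLs {acls}")
    return gaps
```

Running nat_gaps(parse(CONFIG), "Virtual-Template4", "PPTP-POOL", "NAT_TO_MGMT") on the excerpt reports the missing 'ip nat inside' and both pool addresses as unmatched by ACL 10, while the same call on FIXED reports nothing.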
