Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
554
Views
0
Helpful
4
Replies

VPN access to server through two routers? Config help

_wolf0359
Level 1
Level 1

‎09-01-2014 07:07 PM - edited ‎03-07-2019 08:36 PM

My apologies if this should be in the WAN section, but I've been battling to make this work for some time, to no avail. I've tried what I feel is everything, so that's why I'm reaching out.

Here's what I'm trying to do: create a home lab on different network than other home computers with Dell server, trying to connect via VPN to that server, across two different routers.

Topology:

ISP > Cisco Linksys E1200 WAP (192.168.1.1 default gateway) > 192.168.1.2 int gi0 on Cisco 891 W router > int fa0 (192.168.2.1) goes to Dell server (192.168.2.20) (To this I have assigned the public IP from ISP in RRAS; also running DHCP and DNS; 891 W is not running DHCP)

From personal laptop, I can ping 192.168.1.2, but am unable to ping 192.168.2.1 nor 192.168.2.20 (the server), and am unable to VPN in to the Dell Server across the two aforementioned routers

On the WAP, I have port forwarding for 1723 PPTP enabled to 192.168.1.2 and VPN Passthrough enabled as well

Attached is the current config of the 891 W router. Any input anyone could provide would be greatly appreciated.

Thanks in advance.

Labels:
Preview file
4 KB
0 Helpful
4 Replies 4

bmcginn
Level 3
Level 3

‎09-01-2014 09:55 PM

Hi,

When you say that you can ping 192.168.1.2 from your personal laptop, where is that laptop connected?  In the 192.168.1.0/24 network or the 192.168.2.0/24?

I assume you're not trying to route traffic between the 819 and the E1200 and you just want to NAT everything and do proxy arp?

 

 

0 Helpful

Walter Astori
Level 1
Level 1
In response to bmcginn

‎09-02-2014 12:26 AM

Can you execute the following command :

traceroute 192.168.2.1 or

traceroute 192.168.2.20

can you add the following command :

ip nat outside source static <IP laptop> 192.168.2.20

0 Helpful

nkarthikeyan
Level 7
Level 7

‎09-01-2014 10:30 PM

Hi,

 

For making PPTP work, you may need to allow protocol GRE as well...... can you do it bi-directional and check if you are able to do vpn with the server?

 

Also if you ip inspect option, can you add pptp (1723) as well in inspection

 

Regards

Karthik

0 Helpful

_wolf0359
Level 1
Level 1
In response to nkarthikeyan

‎09-02-2014 04:32 AM

When I say I can't ping the server from personal laptop, personal laptop is on network 192.1681.1.0 and I can't ping 192.168.2.0 network, but the server can ping the personal laptop and do everything the other way.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card