Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1570
Views
0
Helpful
4
Replies

Problem with Cisco 861W router and outgoing VPN

mark-jordan
Level 1
Level 1

‎02-29-2012 02:13 PM

We have a Cisco 861W router that is blocking an outgoing PPTP on the internal access point only. The outgoing VPN works when the traffic is through a wired connection or the connection is on another access point. We fail to make a connection only when connection to the 861W's internal Access Point.

Here is the Access Point Configuration:

Current configuration : 2100 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname obap
!
enable secret 5 $1$.1RF$go1D7WITXUn3s8TUaw3tC.
!
no aaa new-model
!
!
dot11 syslog
!
dot11 ssid OLIVER
   authentication open
   authentication key-management wpa
   guest-mode
   wpa-psk ascii 0 XXXXXXXXXXX
!
!
!
username XXXXXX privilege 15 secret 5 $1$Wc0K$OzcQDDQfjHP6La31eXMoG/
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode ciphers aes-ccm tkip
!
ssid OLIVER
!
antenna gain 0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface GigabitEthernet0
description the embedded AP GigabitEthernet 0 is an internal interface connecti
ng AP with the host router
no ip address
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 192.168.0.2 255.255.255.0
no ip route-cache
!
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

bridge 1 route ip
!
!
banner login ^CC
% Password change notice.
-----------------------------------------------------------------------

Default username/password setup on AP is cisco/cisco with priv¾ilege level 15.
It is strongly suggested that you create a new username with privilege level
15 using the following command for console security.

username <myuser> privilege 15 secret 0 <mypassword>
no username cisco

Replace <myuser> and <mypassword> with the username and password you want to
use. After you change your username/password you can turn off this message
by configuring  "no banner login" and "no banner exec" in privileged mode.

-----------------------------------------------------------------------
^C
!
line con 0
privilege level 15
login local
no activation-character
line vty 0 4
login local
!
cns dhcp
end

obap#

Here is the Router's Configuration:

Current configuration : 5908 bytes
!
! No configuration change since last restart
!
version 15.0
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname obrouter
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
logging console critical
enable secret 5 $1$i9XE$DjxFVAEC9nC4/r6EQKCd6/
!
no aaa new-model
memory-size iomem 10
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
!
crypto pki trustpoint TP-self-signed-1856757619
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1856757619
revocation-check none
rsakeypair TP-self-signed-1856757619
!
!
crypto pki certificate chain TP-self-signed-1856757619
certificate self-signed 01
  3082024D 308201B6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 31383536 37353736 3139301E 170D3036 30313032 31323030
  34345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 38353637
  35373631 3930819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100B1A4 FB786547 3D582260 03DB768D 116BDE9A 309FBA04 B53F77B0 BFE32344
  7C3439B3 97192B36 760A9411 1D5C7549 8D86F532 ABA44F53 0D08B7F4 A9A747D5
  071330C3 65BF25A8 927F3596 29BB5A80 90C8D169 22268476 3B8DDE1E FDB7170D
  B4820D03 5580A849 A92C7E76 9AC10867 505A2FEE 64360741 7F9DBDBF 3D79982C
  F81D0203 010001A3 75307330 0F060355 1D130101 FF040530 030101FF 30200603
  551D1104 19301782 156F6272 6F757465 722E6272 75736868 6F672E63 6F6D301F
  0603551D 23041830 168014D8 5BC2FFB2 967A4C7B 11B44122 5C8D31F7 749B9230
  1D060355 1D0E0416 0414D85B C2FFB296 7A4C7B11 B441225C 8D31F774 9B92300D
  06092A86 4886F70D 01010405 00038181 005901F1 C239074B B8213567 CF7B65BF
  DAFE4557 69B2A3B1 5F2593C7 A54B9598 23FD5E7A 563AA6E0 AFB25801 FA0061E8
  F9545372 DB600B3A BE68AE65 1EDA593E 6A0C96B8 5A4136AF 393F9AAC 651E1C36
  B8B7C6C0 47936C24 D2ECE9A5 9446EE32 FC7461FA AD8CF1CE A7FBF341 07E9C3C6
  505AB88D 0E7FCAFC 5792298A E5E4D1FE CC
        quit
no ip source-route
!
!
ip dhcp excluded-address 192.168.0.1 192.168.0.99
!
ip dhcp pool ccp-pool1
   import all
   network 192.168.0.0 255.255.255.0
   dns-server 216.49.160.10 216.49.160.66
   default-router 192.168.0.1
!
!
ip cef
no ip bootp server
ip domain name brushhog.com
ip name-server 216.49.160.10
ip name-server 216.49.160.66
!
!
license udi pid CISCO861W-GN-A-K9 sn FTX155281FY
!
!
username tech38 privilege 15 secret 5 $1$d/4Z$n/23EsXbzfHF5XfJ8Nv.y0
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description $ES_WAN$$FW_OUTSIDE$
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
duplex auto
speed auto
pppoe-client dial-pool-number 1
!
interface wlan-ap0
description Service module interface to manage the embedded AP
ip unnumbered Vlan1
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
arp timeout 0
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 192.168.0.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
!
interface Dialer0
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip flow ingress
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname XXXXXXXXXXXXX
ppp chap password 7 XXXXXXXXXXXXXXXX
ppp pap sent-username XXXXXXXXXXXXXX password 7 XXXXXXXXXXX
no cdp enable
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source static tcp 192.168.0.25 80 interface Dialer0 80
ip nat inside source list 1 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.0.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run

!
control-plane
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for  one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username <myuser> privilege 15 secret 0 <mypassword>

Replace <myuser> and <mypassword> with the username and password you
want to use.

-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line 2
no activation-character
no exec
transport preferred none
transport input all
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end

Any help would be appreciated

Labels:
0 Helpful
4 Replies 4

erick
Level 1
Level 1

‎09-26-2012 07:36 PM

Did you ever get this issue resolved?  I am experiencing the exact same problem with the same router.  If you found a solution, please update me on the fix.  Thank you!

0 Helpful

lubosbella
Level 1
Level 1
In response to erick

‎09-27-2012 05:49 AM

Hello,

i have the same problem with router CISCO861W-GN-E-K9. Version 12.4(22r)YB5, RELEASE SOFTWARE (fc1)

Can someone help?

Thank you.

Here is my config for internal AP and router.

135779-Config Cisco1 861w.txt.zip
0 Helpful

mark-jordan
Level 1
Level 1
In response to lubosbella

‎09-27-2012 08:18 AM

No - the problem has not been resolved. Please let me know if you find an answer.

0 Helpful

Javier Portuguez
Level 9
Level 9
In response to mark-jordan

‎09-27-2012 10:38 AM

Hi Mark,

This is the VPN community, have you tried with the Wireless community?

Perhaps you will find an answer if you check with them.

Thanks.

HTH

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents