
Cisco 1841 as PPTP client Does not work

hasanreza
Level 1

Dear All,

I have a Cisco 1841 router running the below roles:

1) SSL VPN Server

2) PPTP Server

3) Site to Site Connection with Sonicwall router

I want the router to be configured as a PPTP client to an internet VPN server (so that I will get a fixed public IP).

Once I get this IP address, I want to use this connection to accept incoming connections and forward ports to an internal host.

I went through the below:

http://www.mreji.eu/content/cisco-router-pptp-client

https://supportforums.cisco.com/thread/2167562

But it does not work, as I do not have the option for the below 2 commands in the vpdn-group 2 section. (Please see the section in blue.)

protocol pptp

  rotary-group 4

Please Advise and Help

Regards

Hasan Reza

My Current Config is as below

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2013.06.09 17:55:23 =~=~=~=~=~=~=~=~=~=~=~=
exit
Gateway#show run |      
Building configuration...

Current configuration : 25109 bytes
!
! Last configuration change at 13:33:57 UTC Sun Jun 9 2013 by admin
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Gateway
!
boot-start-marker
boot system flash c1841-advsecurityk9-mz.151-2.T1.bin
boot-end-marker
!
!
logging buffered 4096
no logging console
enable secret 5 $1$SciF$TlX1tR5qaG9ZE7pdZHcRJ/
!
no aaa new-model
!
dot11 syslog
ip source-route
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.236.5.1 10.236.5.20
ip dhcp excluded-address 10.236.5.21 10.236.5.50
ip dhcp excluded-address 172.21.51.2 172.21.51.50
!
ip dhcp pool ContosoPool
   network 10.236.5.0 255.255.255.0
   default-router 10.236.5.254
   dns-server 213.42.20.20 195.229.241.222
!
ip dhcp pool DMZ
   network 172.21.51.0 255.255.255.0
   dns-server 172.21.51.10
   default-router 172.21.51.1
   domain-name contoso.local
!
!
!
ip cef
ip domain name contoso.local
ip name-server 213.42.20.20
ip name-server 195.229.241.22
ip name-server 195.229.241.222
ip ddns update method dyndns
HTTP
  add http://xxxxxx:yyyyy@members.dyndns.org/nic/update?system=dyndns&hostname=<h>&myip=<a>
  remove http://xxxxxx:yyyyy@@members.dyndns.org/nic/update?system=dyndns&hostname=<h>&myip=<a>
interval maximum 0 1 0 0
!
!
multilink bundle-name authenticated
!
vpdn enable
!
vpdn-group 2
request-dialin
  protocol l2tp
initiate-to ip 173.195.0.42
!
vpdn-group RAS-VPN
! Default PPTP VPDN group
accept-dialin
  protocol pptp
  virtual-template 1
l2tp tunnel timeout no-session 15
!
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP.StartSSL.CA
enrollment terminal pem
revocation-check none
!
crypto pki trustpoint TP.StartSSL-vpn
enrollment terminal pem
usage ssl-server
serial-number none
fqdn ssl.spktelecom.com
ip-address none
revocation-check crl
rsakeypair RSA.StartSSL-vpn
!
crypto pki trustpoint TP-self-signed-1981248591
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1981248591
revocation-check none
rsakeypair TP-self-signed-1981248591
!
crypto pki trustpoint VMWare
enrollment terminal
revocation-check crl
!
crypto pki trustpoint OWA
enrollment terminal pem
revocation-check crl
!
!
crypto pki certificate chain TP.StartSSL.CA
certificate ca 01
  (removed the certificate info for clarity)
   quit
crypto pki certificate chain TP.StartSSL-vpn
certificate 0936E1
    (removed the certificate info for clarity)9
   quit
certificate ca 18
  (removed the certificate info for clarity)
   quit
crypto pki certificate chain TP-self-signed-1981248591
certificate self-signed 01
    (removed the certificate info for clarity)
   quit
crypto pki certificate chain VMWare
certificate ca 008EDCE6DBCE6B
    (removed the certificate info for clarity)
   quit
crypto pki certificate chain OWA
   (removed the certificate info for clarity)
!
license udi pid CISCO1841 sn FCZ122191TW
archive
log config
  hidekeys
username admin privilege 15 password 7 1304131F02023B7B7977
username ali password 7 06070328
!
redundancy
!
!
!
!
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
lifetime 84000
crypto isakmp key admin_123 address 0.0.0.0 0.0.0.0
crypto isakmp keepalive 10
!
crypto ipsec security-association lifetime seconds 28800
!
crypto ipsec transform-set vpnset esp-3des esp-sha-hmac
crypto ipsec transform-set strongsha esp-3des esp-sha-hmac
!
crypto dynamic-map mydyn 10
set transform-set strongsha
!
!
crypto map Dxb-Auh 1000 ipsec-isakmp dynamic XXXXXXXXXX
!
!
!
!
!
interface FastEthernet0/0
description Internal Network (Protected Interface)
ip address 10.236.5.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface ATM0/0/0
no ip address
shutdown
no atm ilmi-keepalive
!
interface BRI0/1/0
no ip address
encapsulation hdlc
shutdown
!
interface Virtual-Template1
ip unnumbered Dialer1
peer default ip address dhcp-pool ContosoPool
ppp encrypt mppe auto required
ppp authentication ms-chap ms-chap-v2 eap
!
interface Dialer1
ip ddns update hostname XXXXXXX.dyndns.org
ip ddns update dyndns
ip address negotiated
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1450
dialer pool 1
ppp pap sent-username vermam password 7 13044E155E0913323B
crypto map Dxb-Auh
!
interface Dialer2
mtu 1460
ip address negotiated
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer in-band
dialer idle-timeout 0
dialer string 123
dialer vpdn
dialer-group 2
ppp pfc local request
ppp pfc remote apply
ppp encrypt mppe auto
ppp authentication ms-chap ms-chap-v2 callin
ppp eap refuse
ppp chap hostname hasanreza
ppp chap password 7 070E2541470726544541
!
interface Dialer995
no ip address
!
ip local pool webssl 10.236.6.10 10.236.6.30
ip forward-protocol nd
ip http server
ip http secure-server
!
!
ip nat inside source list nat interface Dialer1 overload
ip nat inside source static tcp 10.236.5.12 25 interface Dialer1 25
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 172.21.51.0 255.255.255.0 10.236.5.253
!
ip access-list extended internal
permit ip any 10.236.5.0 0.0.0.255
ip access-list extended nat
deny   ip 10.236.5.0 0.0.0.255 172.31.1.0 0.0.0.255
deny   ip 10.236.5.0 0.0.0.255 172.19.19.0 0.0.0.255
permit ip 10.236.5.0 0.0.0.255 any
ip access-list extended nonat
permit ip 10.236.5.0 0.0.0.255 172.19.19.0 0.0.0.255
permit ip 10.236.5.0 0.0.0.255 172.31.1.0 0.0.0.255
ip access-list extended sslacl
ip access-list extended webvpn
permit tcp any any eq 443
!
logging esm config
access-list 101 permit ip 10.236.5.0 0.0.0.255 172.31.1.0 0.0.0.255
!
!
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
exec-timeout 0 0
login local
transport preferred ssh
transport input telnet ssh
line vty 5 15
exec-timeout 0 0
login local
transport preferred ssh
transport input telnet ssh
!
scheduler allocate 20000 1000
!
webvpn gateway gateway1
ip interface Dialer1 port 443
ssl encryption rc4-md5
ssl trustpoint TP.StartSSL-vpn
inservice
!
webvpn install svc flash:/webvpn/anyconnect-win-3.1.00495-k9.pkg sequence 1
!
webvpn install csd flash:/webvpn/sdesktop.pkg
!
webvpn context webvpn
ssl authenticate verify all
!
url-list "Webservers"
   heading "SimpleIT Technologies NBNS Servers"
   url-text "Google" url-value "www.google.com"
   url-text "Mainframe" url-value "10.236.5.2"
   url-text "Mainframe2" url-value "https://10.236.5.2"
!
nbns-list "ContosoServer"
   nbns-server 10.236.5.10
   nbns-server 10.236.5.11
   nbns-server 10.236.5.12
!
port-forward "PortForwarding"
   local-port 3389 remote-server "10.236.5.10" remote-port 3389 description "Server-DC01"
!
policy group policy1
   url-list "Webservers"
   port-forward "PortForwarding"
   nbns-list "ContosoServer"
   functions file-access
   functions file-browse
   functions file-entry
   functions svc-enabled
   svc address-pool "webssl"
   svc default-domain "Contoso.Local"
   svc keep-client-installed
   svc split include 10.236.5.0 255.255.255.0
   svc split include 10.236.6.0 255.255.255.0
   svc split include 172.31.1.0 255.255.255.0
   svc split include 172.21.51.0 255.255.255.0
   svc dns-server primary 172.21.51.10
default-group-policy policy1
gateway gateway1
inservice
!
end

Gateway#          
