Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1248
Views
0
Helpful
3
Replies

Connecting on Windows VPN Server through Cisco 876 - *newbie*

ZharkoAtkovski
Level 1
Level 1

‎09-16-2010 08:10 AM

Hello Guys,

Here is the layout that I currently have:

VPN Server (Windows 2008) --> Cisco 876  --> Internet (dynamic ip address) --> Client (My home PC)

So I'm having trouble connecting to the vpn server from my home pc, it actually hangs on "Verifying username and password" and then it just drops because of the timeout.

I googled for the solution and all I could find was that I need to open port 1723 and allow GRE (protocol 47) through the Cisco router.

So I managed to forward port 1723 to the required server, but I can't seem to do that for the GRE.

So can somebody please give me step by step instructions on how to do this, and for that matter how to make the whole thing work.

Note that I'm very new to cisco routers and firewalls, so I'm still not familiar with most of the commands for the router.

Thanks

Labels:
0 Helpful
3 Replies 3

praprama
Cisco Employee
Cisco Employee

‎09-16-2010 08:31 AM

Hi,

Unfortunately PPTP does not work with PAT for the server on port TCP/1723. This is because GRE is used in this connection and since GRE itself does not have any port numbers, we will need a NAT (1:1) for the server and not a PAT on TCP port 1723. I suppose that's the reason why it's not working in your case.


The payload when GRE comes into play is going to be something like below:

_______ ________

|            |             |

|   IP      |    GRE  |

|_______|_______|

So as can be seen, the port forwarding that you have configured for the PPTP server on TCP 1723 will not help due to the fact that the router can not find the port number field in the GRE header (though it can find the IP address field in the IP header). Hence, we will need a 1:1 NAT for this server.

If you have another IP address, try NATing the routing the server to that IP rather than a Port forwarding. Let me know if this helps!!

Rregards,

Prapanch

0 Helpful

ZharkoAtkovski
Level 1
Level 1
In response to praprama

‎09-17-2010 05:49 AM

Well for some reason that didn't work as well, maybe i'm still doing something wrong....

However would it be easier if i use the cisco vpn client and set the router as a vpn server?

If that is possible, can you give me a step by step guide on how to setup the router to act as a vpn server?

0 Helpful

praprama
Cisco Employee
Cisco Employee
In response to ZharkoAtkovski

‎09-17-2010 08:30 AM

Hi,

I am not sure why that did not work. As long as you have GRE and TCP/1723 permitted, it should work fine. To configure VPN on router and connect to it using Cisco VPN client, please refer the link below:

http://www.cisco.com/en/US/products/hw/routers/ps274/products_configuration_example09186a0080819289.shtml

Hope this helps!!

Regards,

Prapanch

0 Helpful
Customers Also Viewed These Support Documents