Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3441
Views
0
Helpful
9
Replies

VPN port forwarding on Cisco 877

efusesolutions
Level 1
Level 1

‎04-07-2011 07:46 AM

Hi all, first of all please forgive me Iif I've posted on the wrong forum, I'm new to this site.

We have the above router for a small business and I want to configure VPN to port forward to the server so it can handle the VPN traffic through Routing and Remote Access.

I have configured port forwarding on SMTP, RWW and other protocols successfully but VPN will not work.

Within the built in web interface on the Cisco it advised that if I want to configure VPN I need to use Cisco Config Pro. I have had a look through this software but it looked to only support the router as the VPN gateway rather than port forwarding to a server.

Can anyone please point me in the right direction with this.

Kind Regards,

Dave Williamson

Labels:
0 Helpful
9 Replies 9

Jennifer Halim
Cisco Employee
Cisco Employee

‎04-09-2011 07:26 PM

Which VPN are you trying to port forward to?

PPTP? L2TP over IPSec? SSL VPN? or IPSec VPN?

Once you confirm which VPN you would like to port forward to, please also share the existing router configuration, as well as your internal VPN server IP Address.

0 Helpful

efusesolutions
Level 1
Level 1
In response to Jennifer Halim

‎04-11-2011 01:29 AM

Hi, Thanks for replying.

I am trying to port forward on a PPTP connection, so port 1723. Now I know that this also requires GRE IP port 47, I tried to add this to the router and test via telnet again but nothing came of it.

As far as configuration is concerned, it's a standard ADSL set-up with some basic port forwarding rules including SMTP, RDP, RWW which all work fine.

The network configuration is 10.1.1.0/24 with the IP of the server being 10.1.1.1 and the router being 10.1.1.5

Just a further note that because the vpn is not working, I currently have a netgear as the ADSL router performing all the port forwarding to the server and this works fine with VPN as well, so I know it's something on the Cisco that I'm missing.

Thanks again

Dave Williamson

0 Helpful

Jennifer Halim
Cisco Employee
Cisco Employee
In response to efusesolutions

‎04-11-2011 02:36 AM

You are right, PPTP consists of 2 proctocols:

1) TCP/1723

2) GRE (protocol 47)

Can you please advise what version of 877 router are you running, and also pls share a copy of the configuration.

Are you running Zone base FW?

Also  where is it failing? does it get authenticated and you weren't able to  access the internal resources, OR, it doesn't even connect at all?

0 Helpful

efusesolutions
Level 1
Level 1
In response to Jennifer Halim

‎04-11-2011 06:15 AM

Hi,

At the moment the router in on a client site so I'd need to get there before I provide you with the exact version number or config file.

If the verison number is on the router I can probably find this out tomorrow morning by calling some, but I am next on site next week (19th) and so would have to wait until then to get a hold of the config file.

I'm not sure if  I'm using a zone based firewall, I switch the firewall off as I was setting up the router to simply test the connection.

The VPN does not work at all. I tested this via telent and it cannot get past the router.

Dave

0 Helpful

efusesolutions
Level 1
Level 1
In response to Jennifer Halim

‎04-19-2011 04:24 AM

Hi,

First of all thanks for being so patient in wating for this information:

The Version number is V06. The IOS version is 12.4(15)T12 if this also helps.

I have also managed to get you a config file from Cisco CP and this is attached.

Thanks and regards,

Dave

85104-RunningConfig_10.1.1.5.txt.zip
0 Helpful

efusesolutions
Level 1
Level 1
In response to efusesolutions

‎04-28-2011 12:59 AM

Hi,

Sorry to be a pain, I wondered if you got my recent post and if you are still able to help me?

Dave

0 Helpful

Jennifer Halim
Cisco Employee
Cisco Employee
In response to efusesolutions

‎04-28-2011 09:38 PM

Sorry, didn't see your reply.

I have checked your current configuration, and you would need to add the following:

ip nat inside source static tcp 10.1.1.1 1723 interface Dialer0 1723

Let me know if that resolves the issue. Thanks.

0 Helpful

efusesolutions
Level 1
Level 1
In response to Jennifer Halim

‎05-03-2011 07:09 AM

Hi,

Thanks for getting back to me.

I did add a NAT entry for 1723 and 43 GRE into the NAT table but this still didn't work. I did this from the Cisco web interface built into the Cisco.

I initially had only 1723 but then shortly after learning of the GRE Protocol I did add 43. Now I added GRE as a TCP and as UDP, is this currect?

So I have added both of the above to the NAT table and still no joy.

Dave Williamson

0 Helpful

efusesolutions
Level 1
Level 1
In response to efusesolutions

‎05-11-2011 05:01 AM

Hi,

I wondered if you had managed to review my last post.

Dave

0 Helpful
Customers Also Viewed These Support Documents