05-12-2006 03:03 AM - edited 02-21-2020 02:24 PM
Hello i am having avery bizare problem,
i am setting up a vpn connection, as follows :
WINXP---->CISCO827ADSL---->INTERNET---->CORPORATE
i am using the windows XP VPN client to connect to my corporate server .
when i am using a normal modem (ALCATEL speedstoucvh pro etc ) i can connect without any porblems.
but when i connect my cisco router, it just dont work.
i have tried with cisco 827 ans cisco 837, it just wont work .
i started a configuration from scratch, it worked for some time, but then it just stopped, i switched my alcatel back and it worked, put cisco back again NOT WORKING.
here is my router config:
Building configuration...
Current configuration : 1166 bytes
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname VPN_RTR
ip subnet-zero
ip audit notify log
ip audit po max-events 100
interface Ethernet0
ip address 192.168.1.1 255.255.255.0
ip nat inside
no ip mroute-cache
hold-queue 100 out
interface ATM0
bandwidth 1025
no ip address
no ip mroute-cache
no atm ilmi-keepalive
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
dsl operating-mode auto
dsl power-cutback 1
hold-queue 208 in
interface Dialer0
bandwidth 1024
ip address negotiated
ip nat outside
encapsulation ppp
dialer pool 1
no cdp enable
ppp authentication chap callin
ppp chap hostname xxxx
ppp chap password xxxx
ip nat inside source list 8 interface Dialer0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip http server
access-list 8 permit 192.168.1.0 0.0.0.255
scheduler max-task-time 5000
end
05-12-2006 03:56 AM
Hi
are you getting any error message in your VPN Client PC ?
regds
05-15-2006 03:13 AM
yes, when it reach verifying username and password it hangs .. error 721 windows XP,
05-16-2006 02:05 AM
the alcatel functions same as the router ( same routing / ip etc ) so no dialup in use , vpn just going out on the LAN conenction,
i have upgraded the cisco IOS but still it is same problem...
i have tried also the MS tricks but no change... I have tested that both with cisco 827 and 837 ..
i have been trying to see the pptp connetions on the router and here is the outcome:
supergrp#sh ip nat trans pptp
Pro Inside global Inside local Outside local Outside global
gre 196.192.100.115:0 192.168.100.10:0 196.25.124.209:0 196.25.124.209:0
gre 196.192.100.115:32768 192.168.100.10:32768 196.25.124.209:32768 196.25.124.209:32768
gre 196.192.100.115:16384 192.168.100.10:16384 196.25.124.209:16384 196.25.124.209:16384
gre 196.192.100.115:49152 192.168.100.10:49152 196.25.124.209:49152 196.25.124.209:49152
i am out of mind here
05-20-2006 05:23 AM
PPTP can have problems with firewalls because it builds two connections. First the client initiates the connection to the server from the inside of the firewall. This works fine as long no access-list is blocking port 1723. After authentication the server builds a GRE tunnel to the client. And this connection (data) is blocked by the firewall unless specifically permitted with an access-list. On pix it can be solved with fixup protocol pptp 1723 command. On a router ip inspect name .... pptp. I used it on the pix and it worked. it should on the router. Inspection opens this inbound GRE tunnel.
you can find some info here and in the command reference
05-23-2006 03:09 AM
00:56:36: NAT: PPTP packet: length: 168, type: 1, cookie: 1A2B3C4D
00:56:36: code: 7, Call ID: 0, Peer ID: 31911
00:56:36: NAT-PPTP: got Call ID 0 -> 0
00:56:36: NAT: PPTP In - Out (192.168.100.10, 3156) -> (196.25.124.209, 1723)
00:56:36: NAT: PPTP translated: length: 168, type: 1, cookie: 1A2B3C4D
00:56:36: code: 7, Call ID: 0, Peer ID: 31911
00:56:37: NAT: PPTP Out - In (196.25.124.209, 1723) -> (196.192.108.201, 3156)
00:56:37: NAT: PPTP packet: length: 32, type: 1, cookie: 1A2B3C4D
00:56:37: code: 8, Call ID: 33762, Peer ID: 0
00:56:37: NAT: PPTP Out - In (196.25.124.209, 1723) -> (196.192.108.201, 3156)
00:56:37: NAT: PPTP translated: length: 32, type: 1, cookie: 1A2B3C4D
00:56:37: code: 8, Call ID: 33762, Peer ID: 0
00:56:39: NAT: PPTP In - Out (192.168.100.10, 3156) -> (196.25.124.209, 1723)
00:56:39: NAT: PPTP packet: length: 168, type: 1, cookie: 1A2B3C4D
00:56:39: code: 7, Call ID: 0, Peer ID: 31911
00:56:39: NAT-PPTP: global Call ID already exists
00:56:39: NAT: PPTP In - Out (192.168.100.10, 3156) -> (196.25.124.209, 1723)
00:56:39: NAT: PPTP translated: length: 168, type: 1, cookie: 1A2B3C4D
00:56:39: code: 7, Call ID: 0, Peer ID: 31911
00:56:40: NAT: PPTP Out - In (196.25.124.209, 1723) -> (196.192.108.201, 3156)
00:56:40: NAT: PPTP packet: length: 32, type: 1, cookie: 1A2B3C4D
00:56:40: code: 8, Call ID: 33762, Peer ID: 0
00:56:40: NAT: PPTP Call ID 33762 --> 0
00:56:40: NAT: PPTP Out - In (196.25.124.209, 1723) -> (196.192.108.201, 3156)
00:56:40: NAT: PPTP translated: length: 32, type: 1, cookie: 1A2B3C4D
00:56:40: code: 8, Call ID: 0, Peer ID: 0
00:56:40: NAT: PPTP In - Out (192.168.100.10, 3156) -> (196.25.124.209, 1723)
00:56:40: NAT: PPTP packet: length: 24, type: 1, cookie: 1A2B3C4D
00:56:40: code: 15, Call ID: 0, Peer ID: 0
00:56:40: NAT: PPTP In - Out (192.168.100.10, 3156) -> (196.25.124.209, 1723)
00:56:40: NAT: PPTP translated: length: 24, type: 1, cookie: 1A2B3C4D
00:56:40: code: 15, Call ID: 0, Peer ID: 0
00:56:40: NAT: GRE Call ID: 0 - [4965]
00:56:42: NAT: GRE Call ID: 0 - [5048]
00:56:45: NAT: GRE Call ID: 0 - [5168]
00:56:49: NAT: GRE Call ID: 0 - [5196]
00:56:53: NAT: GRE Call ID: 0 - [5199]
00:56:57: NAT: GRE Call ID: 0 - [5201]
00:57:01: NAT: GRE Call ID: 0 - [5204]
00:57:05: %SEC-6-IPACCESSLOGRP: list 100 permitted gre 192.168.100.10 -> 196.25.124.209, 7 packets
00:57:05: NAT: GRE Call ID: 0 - [5209]
00:57:09: NAT: GRE Call ID: 0 - [5212]
00:57:13: NAT: GRE Call ID: 0 - [5219]
00:57:17: NAT: PPTP In - Out (192.168.100.10, 3156) -> (196.25.124.209, 1723)
00:57:17: NAT: PPTP packet: length: 16, type: 1, cookie: 1A2B3C4D
00:57:17: code: 12, Call ID: 0, Peer ID: 0
00:57:17: NAT: PPTP In - Out (192.168.100.10, 3156) -> (196.25.124.209, 1723)
00:57:17: NAT: PPTP translated: length: 16, type: 1, cookie: 1A2B3C4D
00:57:17: code: 12, Call ID: 0, Peer ID: 0
00:57:17: NAT: PPTP Out - In (196.25.124.209, 1723) -> (196.192.108.201, 3156)
00:57:17: NAT: PPTP packet: length: 148, type: 1, cookie: 1A2B3C4D
00:57:17: code: 13, Call ID: 33762, Peer ID: 0
00:57:17: NAT-PPTP: GRE tunnels deleted for Call ID: 33762
00:57:17: NAT: PPTP Out - In (196.25.124.209, 1723) -> (196.192.108.201, 3156)
00:57:17: NAT: PPTP translated: length: 148, type: 1, cookie: 1A2B3C4D
00:57:17: code: 13, Call ID: 33762, Peer ID: 0
00:57:18: NAT: PPTP In - Out (192.168.100.10, 3156) -> (196.25.124.209, 1723)
00:57:18: NAT: PPTP In - Out (192.168.100.10, 3156) -> (196.25.124.209, 1723)
00:57:18: NAT: PPTP Out - In (196.25.124.209, 1723) -> (196.192.108.201, 3156)
00:57:18: NAT: PPTP Out - In (196.25.124.209, 1723) -> (196.192.108.201, 3156)
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: