Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
359
Views
0
Helpful
1
Replies

VPN with cisco 2611 v 12.0 iso

mmcanelly
Level 1
Level 1

‎02-06-2004 10:23 AM - edited ‎02-21-2020 01:01 PM

hello all.

I am trying to setup a win2k server as vpn server behind a cisco 2611 router to connect a satellite office to our main office.

I have found some info on how to set up access lists and such but I have hit a wall.

Currently what I have so far:

interface Ethernet0/0

description connected to EthernetLAN

ip address 192.168.208.30 255.255.255.0

no ip directed-broadcast

ip nat inside

!

interface Ethernet0/1

description connected to Internet

ip address 64.217.xxx.86 255.255.255.252

ip access-group inet_inbound in (--- I added correct ???)

no ip directed-broadcast

ip nat outside

ip access-list extended inet_inbound

deny ip 10.0.0.0 0.255.255.255 any

deny ip 172.16.0.0 0.15.255.255 any

deny ip 192.168.0.0 0.0.255.255 any

permit tcp any host 64.217.xxx.86 eq 1723

permit gre any host 64.217.xxx.86

**************************

Both examples I have show:

interface Serial0/0

description internet interface

ip address 64.217.xxx.xxx 255.255.255.252

ip access-group inet_inbound in

BUT when I try to type "interface Serial0/0" at the router config prompt, it gives me an error pointing to the 'S' in serial, so should I add the ip access-group line to my Internet 0/1 like I did above since that is my internet connection????

thanks in advance.

mattmc

Labels:
0 Helpful
1 Reply 1

gfullage
Cisco Employee
Cisco Employee

‎02-07-2004 07:57 PM

You don't have a Serial interface in your router, so you're adding the access-list to the correct interface.

The trouble is you're trying to connect to the 64.217.xxx.86 address which is the router's address, not the address of the internal Win2K server. For a PPTP connection you will need a second IP address from your ISP, so let's assume they give you 64.217.xxx.87.

The following will send all traffic destined for 64.217.xxx.87 through to your internal Win2K server (which I've assumed is 192.168.208.1, change if necessary):

ip nat inside source static 192.168.208.1 64.217.xxx.87 extendable

Change the two lines in your access-list to reference the .87 address rather than the .86.

Then have all your VPN clients connect to the .87 address rather than .86 and you should be good to go.

0 Helpful
Customers Also Viewed These Support Documents