Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > Gre through cisco router to Microsoft PPTP server trouble.

Reply
Thread Tools

Gre through cisco router to Microsoft PPTP server trouble.

 
 
Dennis
Guest
Posts: n/a
 
      02-29-2004
I've been trying for days to get GRE through our router to a Microsoft
windows 2000 RRAS server at 192.168.5.8 If any of you gurus could
take a look at this and tell me what I'm doing wrong I'd appreciate
it.


version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ABI_Router
!
logging queue-limit 100
enable secret 5 $1$ahqm$NwBLKy2EwFM.kIS4MLMHk1
enable password 7 09585C480A114300
!
username admin password 7 06024E3B56425A5915051B1D09082F2C21686260
ip subnet-zero
no ip source-route
!
!
no ip domain lookup
ip name-server 206.13.28.12
!
no ip bootp server
ip inspect audit-trail
ip inspect name abifw ftp timeout 3600
ip inspect name abifw http timeout 3600
ip inspect name abifw rcmd timeout 3600
ip inspect name abifw cuseeme timeout 3600
ip inspect name abifw smtp timeout 3600
ip inspect name abifw udp timeout 3600
ip inspect name abifw tcp timeout 3600
ip inspect name abifw realaudio timeout 3600
ip audit notify log
ip audit po max-events 100
!
!
!
!
interface Ethernet0
description connected to Internet
ip address 207.105.X.95 255.255.255.0
ip access-group 130 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
no ip route-cache
full-duplex
no cdp enable
!
interface FastEthernet0
description connected to EthernetLAN
ip address 192.168.5.99 255.255.255.0
no ip proxy-arp
ip nat inside
ip inspect abifw in
no ip route-cache
speed auto
full-duplex
no cdp enable
!
interface Serial0
no ip address
encapsulation frame-relay IETF
shutdown
!
interface Serial0.1 point-to-point
description INTERNET
ip address 209.79.X.162 255.255.255.128
shutdown
frame-relay interface-dlci 16
!
router rip
version 2
passive-interface Ethernet0
network 192.168.5.0
network 207.105.132.0
no auto-summary
!
ip nat translation timeout 300
ip nat inside source list 101 interface Ethernet0 overload
ip nat inside source static tcp 192.168.5.11 6000 interface Ethernet0
6000
ip nat inside source static tcp 192.168.5.11 80 interface Ethernet0
8080
ip nat inside source static tcp 192.168.5.6 80 interface Ethernet0 80
ip nat inside source static tcp 192.168.5.6 25 interface Ethernet0 25
ip nat inside source static tcp 192.168.5.6 110 interface Ethernet0
110
ip nat inside source static tcp 192.168.5.6 443 interface Ethernet0
443
ip nat inside source static tcp 192.168.5.8 1723 207.105.132.96 1723
extendable
ip nat inside source static 192.168.5.8 207.105.X.96 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 207.105.132.65
ip route 192.168.7.0 255.255.255.0 192.168.5.2
ip route 192.168.8.0 255.255.255.0 192.168.5.2
ip route 192.168.9.0 255.255.255.0 192.168.5.2
ip http server
!
!
logging 192.168.5.5
access-list 2 permit 192.168.5.0 0.0.0.255
access-list 101 permit ip any any
access-list 101 permit gre any any
access-list 130 permit tcp any any eq www
access-list 130 permit tcp any any eq 8080
access-list 130 permit tcp any any eq smtp
access-list 130 permit tcp any any eq pop3
access-list 130 permit tcp any any eq 443
access-list 130 permit udp any any eq domain
access-list 130 permit tcp any any eq 6000
access-list 130 permit icmp any any
access-list 130 permit gre any any
access-list 130 permit tcp any any eq 1723
snmp-server community public RO
snmp-server enable traps tty
!
line con 0
exec-timeout 0 0
password 7 060E0E285E59001D00
login
line aux 0
line vty 0 4
password 7 044F19471C35185C
login
!
end


When I do a show IP Nat translations I see it trying to work over
1723, but no GRE. Any help would be greatly appreciated as I'm about
ready to lose it.

tcp 207.105.X.96:1723 192.168.5.8:1723 24.176.233.215:3568
24.176.233.215:3568
tcp 207.105.X.95:6000 192.168.5.11:6000 ---
---
tcp 207.105.X.95:8080 192.168.5.11:80 ---
---
udp 207.105.X.95:1048 192.168.5.254:1048 207.105.132.68:53
207.105.132.68:53
--- 207.105.X.96 192.168.5.8 ---
---
tcp 207.105.X.95:25 192.168.5.6:25 ---
---
tcp 207.105.X.95:80 192.168.5.6:80 ---
---
tcp 207.105.X95:110 192.168.5.6:110 --- ---
tcp 207.105.X.95:4589 192.168.5.89:4589 64.157.165.236:80
64.157.165.236:80
tcp 207.105.X.95:443 192.168.5.6:443 ---
---
tcp 207.105.X.95:110 192.168.5.6:110 24.53.229.36:1494
24.53.229.36:1494
tcp 207.105.X.95:110 192.168.5.6:110 24.53.229.36:1496
24.53.229.36:149
 
Reply With Quote
 
 
 
 
Martin Bilgrav
Guest
Posts: n/a
 
      02-29-2004
Cisco IOS Software Releases 12.1 T and later support PPTP pass through or
PPTP over PAT feature. For more information, see the "NAT - Support for PPTP
in an Overload (Port Address Translation) Configuration" section in Cisco
IOS Software 12.1 T Early Deployment Release Series. To configure PPTP over
PAT or PPTP pass through on a Cisco IOS router, please refer to IP
Tunneling - Configuring PPTP Through PAT to a Microsoft PPTP Server.





"Dennis" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) om...
> I've been trying for days to get GRE through our router to a Microsoft
> windows 2000 RRAS server at 192.168.5.8 If any of you gurus could
> take a look at this and tell me what I'm doing wrong I'd appreciate
> it.
>
>
> version 12.2
> no service pad
> service timestamps debug datetime msec
> service timestamps log datetime msec
> service password-encryption
> !
> hostname ABI_Router
> !
> logging queue-limit 100
> enable secret 5 $1$ahqm$NwBLKy2EwFM.kIS4MLMHk1
> enable password 7 09585C480A114300
> !
> username admin password 7 06024E3B56425A5915051B1D09082F2C21686260
> ip subnet-zero
> no ip source-route
> !
> !
> no ip domain lookup
> ip name-server 206.13.28.12
> !
> no ip bootp server
> ip inspect audit-trail
> ip inspect name abifw ftp timeout 3600
> ip inspect name abifw http timeout 3600
> ip inspect name abifw rcmd timeout 3600
> ip inspect name abifw cuseeme timeout 3600
> ip inspect name abifw smtp timeout 3600
> ip inspect name abifw udp timeout 3600
> ip inspect name abifw tcp timeout 3600
> ip inspect name abifw realaudio timeout 3600
> ip audit notify log
> ip audit po max-events 100
> !
> !
> !
> !
> interface Ethernet0
> description connected to Internet
> ip address 207.105.X.95 255.255.255.0
> ip access-group 130 in
> no ip redirects
> no ip unreachables
> no ip proxy-arp
> ip nat outside
> no ip route-cache
> full-duplex
> no cdp enable
> !
> interface FastEthernet0
> description connected to EthernetLAN
> ip address 192.168.5.99 255.255.255.0
> no ip proxy-arp
> ip nat inside
> ip inspect abifw in
> no ip route-cache
> speed auto
> full-duplex
> no cdp enable
> !
> interface Serial0
> no ip address
> encapsulation frame-relay IETF
> shutdown
> !
> interface Serial0.1 point-to-point
> description INTERNET
> ip address 209.79.X.162 255.255.255.128
> shutdown
> frame-relay interface-dlci 16
> !
> router rip
> version 2
> passive-interface Ethernet0
> network 192.168.5.0
> network 207.105.132.0
> no auto-summary
> !
> ip nat translation timeout 300
> ip nat inside source list 101 interface Ethernet0 overload
> ip nat inside source static tcp 192.168.5.11 6000 interface Ethernet0
> 6000
> ip nat inside source static tcp 192.168.5.11 80 interface Ethernet0
> 8080
> ip nat inside source static tcp 192.168.5.6 80 interface Ethernet0 80
> ip nat inside source static tcp 192.168.5.6 25 interface Ethernet0 25
> ip nat inside source static tcp 192.168.5.6 110 interface Ethernet0
> 110
> ip nat inside source static tcp 192.168.5.6 443 interface Ethernet0
> 443
> ip nat inside source static tcp 192.168.5.8 1723 207.105.132.96 1723
> extendable
> ip nat inside source static 192.168.5.8 207.105.X.96 extendable
> ip classless
> ip route 0.0.0.0 0.0.0.0 207.105.132.65
> ip route 192.168.7.0 255.255.255.0 192.168.5.2
> ip route 192.168.8.0 255.255.255.0 192.168.5.2
> ip route 192.168.9.0 255.255.255.0 192.168.5.2
> ip http server
> !
> !
> logging 192.168.5.5
> access-list 2 permit 192.168.5.0 0.0.0.255
> access-list 101 permit ip any any
> access-list 101 permit gre any any
> access-list 130 permit tcp any any eq www
> access-list 130 permit tcp any any eq 8080
> access-list 130 permit tcp any any eq smtp
> access-list 130 permit tcp any any eq pop3
> access-list 130 permit tcp any any eq 443
> access-list 130 permit udp any any eq domain
> access-list 130 permit tcp any any eq 6000
> access-list 130 permit icmp any any
> access-list 130 permit gre any any
> access-list 130 permit tcp any any eq 1723
> snmp-server community public RO
> snmp-server enable traps tty
> !
> line con 0
> exec-timeout 0 0
> password 7 060E0E285E59001D00
> login
> line aux 0
> line vty 0 4
> password 7 044F19471C35185C
> login
> !
> end
>
>
> When I do a show IP Nat translations I see it trying to work over
> 1723, but no GRE. Any help would be greatly appreciated as I'm about
> ready to lose it.
>
> tcp 207.105.X.96:1723 192.168.5.8:1723 24.176.233.215:3568
> 24.176.233.215:3568
> tcp 207.105.X.95:6000 192.168.5.11:6000 ---
> ---
> tcp 207.105.X.95:8080 192.168.5.11:80 ---
> ---
> udp 207.105.X.95:1048 192.168.5.254:1048 207.105.132.68:53
> 207.105.132.68:53
> --- 207.105.X.96 192.168.5.8 ---
> ---
> tcp 207.105.X.95:25 192.168.5.6:25 ---
> ---
> tcp 207.105.X.95:80 192.168.5.6:80 ---
> ---
> tcp 207.105.X95:110 192.168.5.6:110 --- ---
> tcp 207.105.X.95:4589 192.168.5.89:4589 64.157.165.236:80
> 64.157.165.236:80
> tcp 207.105.X.95:443 192.168.5.6:443 ---
> ---
> tcp 207.105.X.95:110 192.168.5.6:110 24.53.229.36:1494
> 24.53.229.36:1494
> tcp 207.105.X.95:110 192.168.5.6:110 24.53.229.36:1496
> 24.53.229.36:149



 
Reply With Quote
 
 
 
 
Dennis
Guest
Posts: n/a
 
      03-01-2004
That article on cisco's site doesn't work. Also I need it for NAT not
PAT. Although if I saw it work with PAT I would change it to PAT.

D
 
Reply With Quote
 
Dennis
Guest
Posts: n/a
 
      03-01-2004
Oh my god. I banged my head on this for days. The freaking VPN
server had an incorrect gateway address.

It works.
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
pptp & gre & cisco 2801 & VPN not working vall Cisco 0 11-08-2011 06:41 PM
GRE Tunnel through A cisco Router djpuckett Cisco 0 08-04-2009 02:28 PM
Absurd PPTP problems: PPTP out no longer works. Elia Spadoni Cisco 15 04-01-2008 07:40 AM
PPTP / GRE port forwarding someone@somewhere Cisco 1 09-16-2005 03:07 PM
pptp & gre & cisco & 2600 & VPN & not working thamdy@quixnet.net Cisco 3 02-07-2005 06:18 AM



Advertisments