Gre through cisco router to Microsoft PPTP server trouble.

Discussion in 'Cisco' started by Dennis, Feb 29, 2004.

  1. Dennis

    Dennis Guest

    I've been trying for days to get GRE through our router to a Microsoft
    windows 2000 RRAS server at 192.168.5.8 If any of you gurus could
    take a look at this and tell me what I'm doing wrong I'd appreciate
    it.


    version 12.2
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    !
    hostname ABI_Router
    !
    logging queue-limit 100
    enable secret 5 $1$ahqm$NwBLKy2EwFM.kIS4MLMHk1
    enable password 7 09585C480A114300
    !
    username admin password 7 06024E3B56425A5915051B1D09082F2C21686260
    ip subnet-zero
    no ip source-route
    !
    !
    no ip domain lookup
    ip name-server 206.13.28.12
    !
    no ip bootp server
    ip inspect audit-trail
    ip inspect name abifw ftp timeout 3600
    ip inspect name abifw http timeout 3600
    ip inspect name abifw rcmd timeout 3600
    ip inspect name abifw cuseeme timeout 3600
    ip inspect name abifw smtp timeout 3600
    ip inspect name abifw udp timeout 3600
    ip inspect name abifw tcp timeout 3600
    ip inspect name abifw realaudio timeout 3600
    ip audit notify log
    ip audit po max-events 100
    !
    !
    !
    !
    interface Ethernet0
    description connected to Internet
    ip address 207.105.X.95 255.255.255.0
    ip access-group 130 in
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat outside
    no ip route-cache
    full-duplex
    no cdp enable
    !
    interface FastEthernet0
    description connected to EthernetLAN
    ip address 192.168.5.99 255.255.255.0
    no ip proxy-arp
    ip nat inside
    ip inspect abifw in
    no ip route-cache
    speed auto
    full-duplex
    no cdp enable
    !
    interface Serial0
    no ip address
    encapsulation frame-relay IETF
    shutdown
    !
    interface Serial0.1 point-to-point
    description INTERNET
    ip address 209.79.X.162 255.255.255.128
    shutdown
    frame-relay interface-dlci 16
    !
    router rip
    version 2
    passive-interface Ethernet0
    network 192.168.5.0
    network 207.105.132.0
    no auto-summary
    !
    ip nat translation timeout 300
    ip nat inside source list 101 interface Ethernet0 overload
    ip nat inside source static tcp 192.168.5.11 6000 interface Ethernet0
    6000
    ip nat inside source static tcp 192.168.5.11 80 interface Ethernet0
    8080
    ip nat inside source static tcp 192.168.5.6 80 interface Ethernet0 80
    ip nat inside source static tcp 192.168.5.6 25 interface Ethernet0 25
    ip nat inside source static tcp 192.168.5.6 110 interface Ethernet0
    110
    ip nat inside source static tcp 192.168.5.6 443 interface Ethernet0
    443
    ip nat inside source static tcp 192.168.5.8 1723 207.105.132.96 1723
    extendable
    ip nat inside source static 192.168.5.8 207.105.X.96 extendable
    ip classless
    ip route 0.0.0.0 0.0.0.0 207.105.132.65
    ip route 192.168.7.0 255.255.255.0 192.168.5.2
    ip route 192.168.8.0 255.255.255.0 192.168.5.2
    ip route 192.168.9.0 255.255.255.0 192.168.5.2
    ip http server
    !
    !
    logging 192.168.5.5
    access-list 2 permit 192.168.5.0 0.0.0.255
    access-list 101 permit ip any any
    access-list 101 permit gre any any
    access-list 130 permit tcp any any eq www
    access-list 130 permit tcp any any eq 8080
    access-list 130 permit tcp any any eq smtp
    access-list 130 permit tcp any any eq pop3
    access-list 130 permit tcp any any eq 443
    access-list 130 permit udp any any eq domain
    access-list 130 permit tcp any any eq 6000
    access-list 130 permit icmp any any
    access-list 130 permit gre any any
    access-list 130 permit tcp any any eq 1723
    snmp-server community public RO
    snmp-server enable traps tty
    !
    line con 0
    exec-timeout 0 0
    password 7 060E0E285E59001D00
    login
    line aux 0
    line vty 0 4
    password 7 044F19471C35185C
    login
    !
    end


    When I do a show IP Nat translations I see it trying to work over
    1723, but no GRE. Any help would be greatly appreciated as I'm about
    ready to lose it.

    tcp 207.105.X.96:1723 192.168.5.8:1723 24.176.233.215:3568
    24.176.233.215:3568
    tcp 207.105.X.95:6000 192.168.5.11:6000 ---
    ---
    tcp 207.105.X.95:8080 192.168.5.11:80 ---
    ---
    udp 207.105.X.95:1048 192.168.5.254:1048 207.105.132.68:53
    207.105.132.68:53
    --- 207.105.X.96 192.168.5.8 ---
    ---
    tcp 207.105.X.95:25 192.168.5.6:25 ---
    ---
    tcp 207.105.X.95:80 192.168.5.6:80 ---
    ---
    tcp 207.105.X95:110 192.168.5.6:110 --- ---
    tcp 207.105.X.95:4589 192.168.5.89:4589 64.157.165.236:80
    64.157.165.236:80
    tcp 207.105.X.95:443 192.168.5.6:443 ---
    ---
    tcp 207.105.X.95:110 192.168.5.6:110 24.53.229.36:1494
    24.53.229.36:1494
    tcp 207.105.X.95:110 192.168.5.6:110 24.53.229.36:1496
    24.53.229.36:149
    Dennis, Feb 29, 2004
    #1
    1. Advertising

  2. Cisco IOS Software Releases 12.1 T and later support PPTP pass through or
    PPTP over PAT feature. For more information, see the "NAT - Support for PPTP
    in an Overload (Port Address Translation) Configuration" section in Cisco
    IOS Software 12.1 T Early Deployment Release Series. To configure PPTP over
    PAT or PPTP pass through on a Cisco IOS router, please refer to IP
    Tunneling - Configuring PPTP Through PAT to a Microsoft PPTP Server.





    "Dennis" <> wrote in message
    news:...
    > I've been trying for days to get GRE through our router to a Microsoft
    > windows 2000 RRAS server at 192.168.5.8 If any of you gurus could
    > take a look at this and tell me what I'm doing wrong I'd appreciate
    > it.
    >
    >
    > version 12.2
    > no service pad
    > service timestamps debug datetime msec
    > service timestamps log datetime msec
    > service password-encryption
    > !
    > hostname ABI_Router
    > !
    > logging queue-limit 100
    > enable secret 5 $1$ahqm$NwBLKy2EwFM.kIS4MLMHk1
    > enable password 7 09585C480A114300
    > !
    > username admin password 7 06024E3B56425A5915051B1D09082F2C21686260
    > ip subnet-zero
    > no ip source-route
    > !
    > !
    > no ip domain lookup
    > ip name-server 206.13.28.12
    > !
    > no ip bootp server
    > ip inspect audit-trail
    > ip inspect name abifw ftp timeout 3600
    > ip inspect name abifw http timeout 3600
    > ip inspect name abifw rcmd timeout 3600
    > ip inspect name abifw cuseeme timeout 3600
    > ip inspect name abifw smtp timeout 3600
    > ip inspect name abifw udp timeout 3600
    > ip inspect name abifw tcp timeout 3600
    > ip inspect name abifw realaudio timeout 3600
    > ip audit notify log
    > ip audit po max-events 100
    > !
    > !
    > !
    > !
    > interface Ethernet0
    > description connected to Internet
    > ip address 207.105.X.95 255.255.255.0
    > ip access-group 130 in
    > no ip redirects
    > no ip unreachables
    > no ip proxy-arp
    > ip nat outside
    > no ip route-cache
    > full-duplex
    > no cdp enable
    > !
    > interface FastEthernet0
    > description connected to EthernetLAN
    > ip address 192.168.5.99 255.255.255.0
    > no ip proxy-arp
    > ip nat inside
    > ip inspect abifw in
    > no ip route-cache
    > speed auto
    > full-duplex
    > no cdp enable
    > !
    > interface Serial0
    > no ip address
    > encapsulation frame-relay IETF
    > shutdown
    > !
    > interface Serial0.1 point-to-point
    > description INTERNET
    > ip address 209.79.X.162 255.255.255.128
    > shutdown
    > frame-relay interface-dlci 16
    > !
    > router rip
    > version 2
    > passive-interface Ethernet0
    > network 192.168.5.0
    > network 207.105.132.0
    > no auto-summary
    > !
    > ip nat translation timeout 300
    > ip nat inside source list 101 interface Ethernet0 overload
    > ip nat inside source static tcp 192.168.5.11 6000 interface Ethernet0
    > 6000
    > ip nat inside source static tcp 192.168.5.11 80 interface Ethernet0
    > 8080
    > ip nat inside source static tcp 192.168.5.6 80 interface Ethernet0 80
    > ip nat inside source static tcp 192.168.5.6 25 interface Ethernet0 25
    > ip nat inside source static tcp 192.168.5.6 110 interface Ethernet0
    > 110
    > ip nat inside source static tcp 192.168.5.6 443 interface Ethernet0
    > 443
    > ip nat inside source static tcp 192.168.5.8 1723 207.105.132.96 1723
    > extendable
    > ip nat inside source static 192.168.5.8 207.105.X.96 extendable
    > ip classless
    > ip route 0.0.0.0 0.0.0.0 207.105.132.65
    > ip route 192.168.7.0 255.255.255.0 192.168.5.2
    > ip route 192.168.8.0 255.255.255.0 192.168.5.2
    > ip route 192.168.9.0 255.255.255.0 192.168.5.2
    > ip http server
    > !
    > !
    > logging 192.168.5.5
    > access-list 2 permit 192.168.5.0 0.0.0.255
    > access-list 101 permit ip any any
    > access-list 101 permit gre any any
    > access-list 130 permit tcp any any eq www
    > access-list 130 permit tcp any any eq 8080
    > access-list 130 permit tcp any any eq smtp
    > access-list 130 permit tcp any any eq pop3
    > access-list 130 permit tcp any any eq 443
    > access-list 130 permit udp any any eq domain
    > access-list 130 permit tcp any any eq 6000
    > access-list 130 permit icmp any any
    > access-list 130 permit gre any any
    > access-list 130 permit tcp any any eq 1723
    > snmp-server community public RO
    > snmp-server enable traps tty
    > !
    > line con 0
    > exec-timeout 0 0
    > password 7 060E0E285E59001D00
    > login
    > line aux 0
    > line vty 0 4
    > password 7 044F19471C35185C
    > login
    > !
    > end
    >
    >
    > When I do a show IP Nat translations I see it trying to work over
    > 1723, but no GRE. Any help would be greatly appreciated as I'm about
    > ready to lose it.
    >
    > tcp 207.105.X.96:1723 192.168.5.8:1723 24.176.233.215:3568
    > 24.176.233.215:3568
    > tcp 207.105.X.95:6000 192.168.5.11:6000 ---
    > ---
    > tcp 207.105.X.95:8080 192.168.5.11:80 ---
    > ---
    > udp 207.105.X.95:1048 192.168.5.254:1048 207.105.132.68:53
    > 207.105.132.68:53
    > --- 207.105.X.96 192.168.5.8 ---
    > ---
    > tcp 207.105.X.95:25 192.168.5.6:25 ---
    > ---
    > tcp 207.105.X.95:80 192.168.5.6:80 ---
    > ---
    > tcp 207.105.X95:110 192.168.5.6:110 --- ---
    > tcp 207.105.X.95:4589 192.168.5.89:4589 64.157.165.236:80
    > 64.157.165.236:80
    > tcp 207.105.X.95:443 192.168.5.6:443 ---
    > ---
    > tcp 207.105.X.95:110 192.168.5.6:110 24.53.229.36:1494
    > 24.53.229.36:1494
    > tcp 207.105.X.95:110 192.168.5.6:110 24.53.229.36:1496
    > 24.53.229.36:149
    Martin Bilgrav, Feb 29, 2004
    #2
    1. Advertising

  3. Dennis

    Dennis Guest

    That article on cisco's site doesn't work. Also I need it for NAT not
    PAT. Although if I saw it work with PAT I would change it to PAT.

    D
    Dennis, Mar 1, 2004
    #3
  4. Dennis

    Dennis Guest

    Oh my god. I banged my head on this for days. The freaking VPN
    server had an incorrect gateway address.

    It works.
    Dennis, Mar 1, 2004
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    3
    Views:
    4,376
  2. someone@somewhere

    PPTP / GRE port forwarding

    someone@somewhere, Sep 16, 2005, in forum: Cisco
    Replies:
    1
    Views:
    106,751
  3. DH3JHZ
    Replies:
    0
    Views:
    1,717
    DH3JHZ
    Jul 9, 2007
  4. djpuckett

    GRE Tunnel through A cisco Router

    djpuckett, Aug 4, 2009, in forum: Cisco
    Replies:
    0
    Views:
    808
    djpuckett
    Aug 4, 2009
  5. vall
    Replies:
    0
    Views:
    1,105
Loading...

Share This Page