Gre through cisco router to Microsoft PPTP server trouble.

Discussion in 'Cisco' started by Dennis, Feb 29, 2004.

  1. Dennis

    Dennis Guest

    I've been trying for days to get GRE through our router to a Microsoft
    windows 2000 RRAS server at 192.168.5.8 If any of you gurus could
    take a look at this and tell me what I'm doing wrong I'd appreciate
    it.


    version 12.2
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    !
    hostname ABI_Router
    !
    logging queue-limit 100
    enable secret 5 $1$ahqm$NwBLKy2EwFM.kIS4MLMHk1
    enable password 7 09585C480A114300
    !
    username admin password 7 06024E3B56425A5915051B1D09082F2C21686260
    ip subnet-zero
    no ip source-route
    !
    !
    no ip domain lookup
    ip name-server 206.13.28.12
    !
    no ip bootp server
    ip inspect audit-trail
    ip inspect name abifw ftp timeout 3600
    ip inspect name abifw http timeout 3600
    ip inspect name abifw rcmd timeout 3600
    ip inspect name abifw cuseeme timeout 3600
    ip inspect name abifw smtp timeout 3600
    ip inspect name abifw udp timeout 3600
    ip inspect name abifw tcp timeout 3600
    ip inspect name abifw realaudio timeout 3600
    ip audit notify log
    ip audit po max-events 100
    !
    !
    !
    !
    interface Ethernet0
    description connected to Internet
    ip address 207.105.X.95 255.255.255.0
    ip access-group 130 in
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat outside
    no ip route-cache
    full-duplex
    no cdp enable
    !
    interface FastEthernet0
    description connected to EthernetLAN
    ip address 192.168.5.99 255.255.255.0
    no ip proxy-arp
    ip nat inside
    ip inspect abifw in
    no ip route-cache
    speed auto
    full-duplex
    no cdp enable
    !
    interface Serial0
    no ip address
    encapsulation frame-relay IETF
    shutdown
    !
    interface Serial0.1 point-to-point
    description INTERNET
    ip address 209.79.X.162 255.255.255.128
    shutdown
    frame-relay interface-dlci 16
    !
    router rip
    version 2
    passive-interface Ethernet0
    network 192.168.5.0
    network 207.105.132.0
    no auto-summary
    !
    ip nat translation timeout 300
    ip nat inside source list 101 interface Ethernet0 overload
    ip nat inside source static tcp 192.168.5.11 6000 interface Ethernet0
    6000
    ip nat inside source static tcp 192.168.5.11 80 interface Ethernet0
    8080
    ip nat inside source static tcp 192.168.5.6 80 interface Ethernet0 80
    ip nat inside source static tcp 192.168.5.6 25 interface Ethernet0 25
    ip nat inside source static tcp 192.168.5.6 110 interface Ethernet0
    110
    ip nat inside source static tcp 192.168.5.6 443 interface Ethernet0
    443
    ip nat inside source static tcp 192.168.5.8 1723 207.105.132.96 1723
    extendable
    ip nat inside source static 192.168.5.8 207.105.X.96 extendable
    ip classless
    ip route 0.0.0.0 0.0.0.0 207.105.132.65
    ip route 192.168.7.0 255.255.255.0 192.168.5.2
    ip route 192.168.8.0 255.255.255.0 192.168.5.2
    ip route 192.168.9.0 255.255.255.0 192.168.5.2
    ip http server
    !
    !
    logging 192.168.5.5
    access-list 2 permit 192.168.5.0 0.0.0.255
    access-list 101 permit ip any any
    access-list 101 permit gre any any
    access-list 130 permit tcp any any eq www
    access-list 130 permit tcp any any eq 8080
    access-list 130 permit tcp any any eq smtp
    access-list 130 permit tcp any any eq pop3
    access-list 130 permit tcp any any eq 443
    access-list 130 permit udp any any eq domain
    access-list 130 permit tcp any any eq 6000
    access-list 130 permit icmp any any
    access-list 130 permit gre any any
    access-list 130 permit tcp any any eq 1723
    snmp-server community public RO
    snmp-server enable traps tty
    !
    line con 0
    exec-timeout 0 0
    password 7 060E0E285E59001D00
    login
    line aux 0
    line vty 0 4
    password 7 044F19471C35185C
    login
    !
    end


    When I do a show IP Nat translations I see it trying to work over
    1723, but no GRE. Any help would be greatly appreciated as I'm about
    ready to lose it.

    tcp 207.105.X.96:1723 192.168.5.8:1723 24.176.233.215:3568
    24.176.233.215:3568
    tcp 207.105.X.95:6000 192.168.5.11:6000 ---
     
    Dennis, Feb 29, 2004
    #1
    1. Advertisements

  2. Cisco IOS Software Releases 12.1 T and later support PPTP pass through or
    PPTP over PAT feature. For more information, see the "NAT - Support for PPTP
    in an Overload (Port Address Translation) Configuration" section in Cisco
    IOS Software 12.1 T Early Deployment Release Series. To configure PPTP over
    PAT or PPTP pass through on a Cisco IOS router, please refer to IP
    Tunneling - Configuring PPTP Through PAT to a Microsoft PPTP Server.
     
    Martin Bilgrav, Feb 29, 2004
    #2
    1. Advertisements

  3. Dennis

    Dennis Guest

    That article on cisco's site doesn't work. Also I need it for NAT not
    PAT. Although if I saw it work with PAT I would change it to PAT.

    D
     
    Dennis, Mar 1, 2004
    #3
  4. Dennis

    Dennis Guest

    Oh my god. I banged my head on this for days. The freaking VPN
    server had an incorrect gateway address.

    It works.
     
    Dennis, Mar 1, 2004
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.