VPDN on Cisco 877w

mathelize Member Posts: 66
I set up a VPN on my router. I can't connect from outside, but I can from inside the network, and I get an IP address assigned from the local pool. I opened GRE and TCP 1723, still no connection. Any help will be much appreciated.

sh run
Building configuration...

Current configuration : 5603 bytes
!
! Last configuration change at 16:01:07 Manch Fri Jul 17 2009
! NVRAM config last updated at 15:59:39 Manch Fri Jul 17 2009 by mathelize
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Gateway
!
boot-start-marker
boot-end-marker
!
enable secret 5 blabla
!
aaa new-model
!
!
aaa authentication ppp default local
!
!
aaa session-id common
clock timezone Manch 1
!
dot11 ssid WLAN
vlan 1
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 blabla
!
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1
ip dhcp excluded-address 192.168.1.2
ip dhcp excluded-address 192.168.1.254
ip dhcp excluded-address 192.168.1.10
!
ip dhcp pool WIRELESS
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
domain-name mathelize.com
dns-server 208.67.222.222
lease 7
!
!
ip ssh time-out 30
ip ssh authentication-retries 5
!
multilink bundle-name authenticated
vpdn enable
vpdn history failure table-size 30
!
vpdn-group MATHELIZE-VPN
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
l2tp tunnel password 7
!
!
crypto pki trustpoint TP-self-signed-3255672364
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3255672364
revocation-check none
rsakeypair TP-self-signed-3255672364
!
!
crypto pki certificate chain TP-self-signed-3255672364
certificate self-signed 01
quit
!
!
username user privilege 15 password 7 blabla
!
!
!
bridge irb
!
!
!
interface Loopback4
ip address 4.4.4.4 255.255.255.255
!
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
dsl operating-mode auto
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Virtual-Template1
ip unnumbered BVI1
peer default ip address pool MATHELIZE-POOL
ppp encrypt mppe auto required
ppp authentication ms-chap ms-chap-v2
!
interface Dot11Radio0
no ip address
!
encryption vlan 1 mode ciphers tkip
!
ssid WLAN
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
no ip address
ip nat inside
ip virtual-reassembly
bridge-group 1
!
interface Dialer0
description OUTSIDE
ip address negotiated
ip access-group 102 in
ip nat outside
ip virtual-reassembly
encapsulation ppp
no ip route-cache cef
no ip route-cache
no ip mroute-cache
dialer pool 1
dialer-group 1
no cdp enable
ppp chap hostname [email protected]
ppp chap password 7 blabla
!
interface BVI1
ip address 192.168.1.1 255.255.255.0
ip access-group 100 out
ip nat inside
ip virtual-reassembly
!
router ospf 1
log-adjacency-changes
network 4.4.4.4 0.0.0.0 area 2
network 192.168.1.0 0.0.0.255 area 2
!
ip local pool MATHELIZE-POOL 192.168.1.192 192.168.1.199
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
ip http server
ip http secure-server
ip nat inside source list 100 interface Dialer0 overload
!
access-list 100 permit ip 192.168.0.0 0.0.255.255 any
access-list 100 permit ip any any
access-list 102 permit gre any any
access-list 102 permit tcp any host 192.168.1.1 eq 1723
access-list 102 permit ip any any
dialer-list 1 protocol ip permit
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner motd ^C
************************************************
LOG ON AND DIE A SLOW & PAINFUL DEATH
************************************************
^C
!
line con 0
password 7 password
logging synchronous
no modem enable
line aux 0
password 7 password
logging synchronous
line vty 0 4
access-class 1 in
exec-timeout 30 0
password 7 password
logging synchronous
transport input telnet ssh
!
scheduler max-task-time 5000
ntp clock-period 17177307
ntp source Dialer0
ntp server 130.88.200.4
end

Gateway#
In my Lab
I have access to any cisco equipment I need

Comments

  • mathelize Member Posts: 66
    Problem solved, will paste config later to help those who might be in need.
    In my Lab
    I have access to any cisco equipment I need
  • allegiance Member Posts: 25
    mathelize wrote: »
    So, no solution from anyone?

    What I would try is to set it up using SDM, then once you get that working, look at the configuration and compare.

    However, if it is working internally but not externally, I would say it's a port forwarding issue or the firewall is blocking it.
  • mathelize Member Posts: 66
    sh run
    Building configuration...

    Current configuration : 5395 bytes
    !
    ! Last configuration change at 00:03:36 Manch Sun Jul 19 2009 by mathelize
    ! NVRAM config last updated at 11:18:37 Manch Sat Jul 18 2009 by mathelize
    !
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    !
    hostname Gateway
    !
    boot-start-marker
    boot-end-marker
    !
    enable secret 5 blabla.
    !
    aaa new-model
    !
    !
    aaa authentication ppp default local
    !
    !
    aaa session-id common
    clock timezone Manch 1
    !
    dot11 ssid WLAN
    vlan 1
    authentication open
    authentication key-management wpa
    guest-mode
    wpa-psk ascii 7 blabla
    !
    ip cef
    !
    !
    no ip dhcp use vrf connected
    ip dhcp excluded-address 192.168.1.1 192.168.1.50
    ip dhcp excluded-address 192.168.1.1 192.168.1.20
    ip dhcp excluded-address 192.168.1.200 192.168.1.210
    !
    ip dhcp pool WIRELESS
    import all
    network 192.168.1.0 255.255.255.0
    dns-server 208.67.222.222
    default-router 192.168.1.1
    domain-name mathelize.com
    lease 7
    !
    !
    no ip domain lookup
    ip ssh time-out 30
    ip ssh authentication-retries 5
    !
    multilink bundle-name authenticated
    vpdn enable
    !
    vpdn-group MATHELIZE-VPN
    ! Default PPTP VPDN group
    accept-dialin
    protocol pptp
    virtual-template 1
    l2tp tunnel password 7
    !
    !
    crypto pki trustpoint TP-self-signed-3255672364
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-3255672364
    revocation-check none
    rsakeypair TP-self-signed-3255672364

    username mathelize privilege 15 password 7 blabla
    username samuel password 7 blabla
    username david password 7 blabla
    !
    !
    !
    bridge irb
    !
    !
    !
    interface ATM0
    no ip address
    no atm ilmi-keepalive
    pvc 0/38
    encapsulation aal5mux ppp dialer
    dialer pool-member 1
    !
    dsl operating-mode auto

    interface FastEthernet0
    !
    interface FastEthernet1
    !
    interface FastEthernet2
    !
    interface FastEthernet3
    !
    interface Virtual-Template1
    ip unnumbered Dialer0
    peer default ip address pool MATHELIZE-POOL
    ppp encrypt mppe auto
    ppp authentication ms-chap ms-chap-v2
    !
    interface Dot11Radio0
    no ip address
    !
    encryption vlan 1 mode ciphers tkip
    !
    ssid WLAN
    !
    speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
    station-role root
    !
    interface Dot11Radio0.1
    encapsulation dot1Q 1 native
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 spanning-disabled
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    !
    interface Vlan1
    no ip address
    ip nat inside
    ip virtual-reassembly
    bridge-group 1
    !
    interface Dialer0
    description OUTSIDE
    ip address negotiated
    ip nat outside
    ip virtual-reassembly
    encapsulation ppp
    no ip route-cache cef
    no ip route-cache
    no ip mroute-cache
    dialer pool 1
    dialer-group 1
    ppp chap hostname [email protected]
    ppp chap password 7 blabla
    !
    interface BVI1
    ip address 192.168.1.1 255.255.255.0
    ip nat inside
    ip virtual-reassembly
    !
    ip local pool MATHELIZE-POOL 192.168.1.200 192.168.1.210
    ip route 0.0.0.0 0.0.0.0 Dialer0
    !
    !
    ip http server
    ip http secure-server
    ip nat inside source list 100 interface Dialer0 overload
    !
    access-list 1 permit 192.168.0.0 0.0.255.255
    access-list 100 permit ip 192.168.1.0 0.0.0.255 any
    access-list 100 permit ip 192.168.2.0 0.0.0.255 any
    dialer-list 1 protocol ip permit
    !
    !
    !
    !
    control-plane
    !
    bridge 1 protocol ieee
    bridge 1 route ip
    banner motd ^C
    ************************************************
    LOG ON AND DIE A SLOW & PAINFUL DEATH
    ************************************************
    ^C
    !
    line con 0
    password 7 blabla
    logging synchronous
    no modem enable
    line aux 0
    password 7blabla
    logging synchronous
    line vty 0 4
    access-class 1 in
    exec-timeout 30 0
    password 7 blabla
    logging synchronous
    transport input telnet ssh
    !
    scheduler max-task-time 5000
    ntp clock-period 17175001
    ntp server 62.112.195.17
    ntp server 194.29.130.252
    end










    Gateway#sh conf


    Using 4058 out of 131072 bytes
    !
    ! Last configuration change at 11:04:43 Manch Sat Jul 18 2009 by mathelize
    ! NVRAM config last updated at 11:18:37 Manch Sat Jul 18 2009 by mathelize
    !
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    !
    hostname Gateway
    !
    boot-start-marker
    boot-end-marker
    !
    enable secret 5 blabla.
    !
    aaa new-model
    !
    !
    aaa authentication ppp default local
    !
    aaa session-id common
    clock timezone Manch 1
    !
    dot11 ssid WLAN
    vlan 1
    authentication open
    authentication key-management wpa
    guest-mode
    wpa-psk ascii 7 blabla
    !
    ip cef
    !
    !
    no ip dhcp use vrf connected
    ip dhcp excluded-address 192.168.1.1 192.168.1.50
    ip dhcp excluded-address 192.168.1.1 192.168.1.20
    ip dhcp excluded-address 192.168.1.200 192.168.1.210
    !
    ip dhcp pool WIRELESS
    import all
    network 192.168.1.0 255.255.255.0
    dns-server 208.67.222.222
    default-router 192.168.1.1
    domain-name mathelize.com
    lease 7
    !
    !
    no ip domain lookup
    ip ssh time-out 30
    ip ssh authentication-retries 5
    !
    multilink bundle-name authenticated
    vpdn enable
    !
    vpdn-group MATHELIZE-VPN
    ! Default PPTP VPDN group
    accept-dialin
    protocol pptp
    virtual-template 1
    l2tp tunnel password 7
    !
    !
    crypto pki trustpoint TP-self-signed-3255672364
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-3255672364
    revocation-check none
    rsakeypair TP-self-signed-3255672364
    !
    !
    crypto pki certificate chain TP-self-signed-3255672364
    certificate self-signed 01 nvram:IOS-Self-Sig#42.cer
    !
    !
    username mathelize privilege 15 password 7blabla
    username samuel password 7 blabla
    username david password 7 blabla
    !
    !
    !
    bridge irb
    !
    !
    !
    interface ATM0
    no ip address
    no atm ilmi-keepalive
    pvc 0/38
    encapsulation aal5mux ppp dialer
    dialer pool-member 1
    !
    dsl operating-mode auto
    !
    interface FastEthernet0
    !
    interface FastEthernet1
    !
    interface FastEthernet2
    !
    interface FastEthernet3
    !
    interface Virtual-Template1
    ip unnumbered Dialer0
    peer default ip address pool MATHELIZE-POOL
    ppp encrypt mppe auto
    ppp authentication ms-chap ms-chap-v2
    !
    interface Dot11Radio0
    no ip address
    !
    encryption vlan 1 mode ciphers tkip
    !
    ssid WLAN
    !
    speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
    station-role root
    !
    interface Dot11Radio0.1
    encapsulation dot1Q 1 native
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 spanning-disabled
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    !
    interface Vlan1
    no ip address
    ip nat inside
    ip virtual-reassembly
    bridge-group 1
    !
    interface Dialer0
    description OUTSIDE
    ip address negotiated
    ip nat outside
    ip virtual-reassembly
    encapsulation ppp
    no ip route-cache cef
    no ip route-cache
    no ip mroute-cache
    dialer pool 1
    dialer-group 1
    ppp chap hostname [email protected]
    ppp chap password 7 blabla
    !
    interface BVI1
    ip address 192.168.1.1 255.255.255.0
    ip nat inside
    ip virtual-reassembly
    !
    ip local pool MATHELIZE-POOL 192.168.1.200 192.168.1.210
    ip route 0.0.0.0 0.0.0.0 Dialer0
    !
    !
    ip http server
    ip http secure-server
    ip nat inside source list 100 interface Dialer0 overload
    !
    access-list 1 permit 192.168.0.0 0.0.255.255
    access-list 100 permit ip 192.168.1.0 0.0.0.255 any
    access-list 100 permit ip 192.168.2.0 0.0.0.255 any
    dialer-list 1 protocol ip permit
    !
    !
    !
    !
    control-plane
    !
    bridge 1 protocol ieee
    bridge 1 route ip
    banner motd ^C
    ************************************************
    LOG ON AND DIE A SLOW & PAINFUL DEATH
    ************************************************
    ^C
    !
    line con 0
    password 7 blabla
    logging synchronous
    no modem enable
    line aux 0
    password 7 blabla
    logging synchronous
    line vty 0 4
    access-class 1 in
    exec-timeout 30 0
    password 7 blabla
    logging synchronous
    transport input telnet ssh
    !
    scheduler max-task-time 5000
    ntp clock-period 17177950
    ntp server 62.112.195.17
    ntp server 194.29.130.252
    end



    Gateway#sh ver


    Cisco IOS Software, C870 Software (C870-ADVIPSERVICESK9-M), Version 12.4(11)XJ3, RELEASE SOFTWARE (fc1)
    Synched to technology version 12.4(11)T
    Technical Support: Cisco - Shortcut
    Copyright (c) 1986-2007 by Cisco Systems, Inc.
    Compiled Wed 25-Apr-07 14:27 by prod_rel_team

    ROM: System Bootstrap, Version 12.3(8r)YI4, RELEASE SOFTWARE

    Gateway uptime is 1 day, 3 minutes
    System returned to ROM by reload at 10:24:27 Manch Sat Jul 18 2009
    System restarted at 10:25:16 Manch Sat Jul 18 2009
    System image file is "flash:c870-advipservicesk9-mz.124-11.XJ3"
    Last reload reason: Reload Command



    This product contains cryptographic features and is subject to United
    States and local country laws governing import, export, transfer and
    use. Delivery of Cisco cryptographic products does not imply
    third-party authority to import, export, distribute or use encryption.
    Importers, exporters, distributors and users are responsible for
    compliance with U.S. and local country laws. By using this product you
    agree to comply with applicable laws and regulations. If you are unable
    to comply with U.S. and local laws, return this product immediately.

    A summary of U.S. laws governing Cisco cryptographic products may be found at:
    Export Compliance Product Report Application

    If you require further assistance please contact us by sending email to
    [email protected].

    Cisco 877W (MPC8272) processor (revision 0x200) with 118784K/12288K bytes of memory.
    Processor board ID FCZ11292069
    MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x10
    4 FastEthernet interfaces
    1 ATM interface
    1 802.11 Radio
    128K bytes of non-volatile configuration memory.
    28672K bytes of processor board System flash (Intel Strataflash)

    Configuration register is 0x2102

    Gateway#
    In my Lab
    I have access to any cisco equipment I need
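
Added example, not part of any post in this thread: the working configuration was pasted without a note on what changed, so this Python sketch diffs VPN-relevant excerpts of the first and last `sh run` dumps stanza by stanza. The excerpts are constructed from lines on this page, and `stanzas` and `diff` are names chosen here.

```python
import re

# Constructed excerpts: VPN-relevant lines copied from the first (failing) and last
# (working) "sh run" dumps in this thread, pager prompt included as posted.
BEFORE = """\
interface Virtual-Template1
ip unnumbered BVI1
ppp encrypt mppe auto required
!
interface Dialer0
--More-- ip access-group 102 in
ip nat outside
!
access-list 102 permit gre any any
access-list 102 permit tcp any host 192.168.1.1 eq 1723
access-list 102 permit ip any any
"""
AFTER = """\
interface Virtual-Template1
ip unnumbered Dialer0
ppp encrypt mppe auto
!
interface Dialer0
ip nat outside
"""

def stanzas(text):
    """Group lines by interface header; '!' ends a stanza (indentation is lost here)."""
    out, key = {}, "global"
    for raw in text.splitlines():
        line = re.sub(r"^--More--\s*", "", raw.strip())  # drop the pager prompt
        if line in ("", "!"):
            key = "global"
        elif line.startswith("interface "):
            key = line
        else:
            out.setdefault(key, []).append(line)
    return out

def diff(before, after):
    """Return {stanza: (removed_lines, added_lines)} for stanzas that differ."""
    b, a = stanzas(before), stanzas(after)
    report = {}
    for key in sorted(set(b) | set(a)):
        old, new = b.get(key, []), a.get(key, [])
        removed = [l for l in old if l not in new]
        added = [l for l in new if l not in old]
        if removed or added:
            report[key] = (removed, added)
    return report

if __name__ == "__main__":
    for stanza, (removed, added) in diff(BEFORE, AFTER).items():
        print(stanza, "-", removed, "+", added)
```

On these excerpts the report shows that the working configuration has no inbound access list on Dialer0 and no longer carries `required` on `ppp encrypt mppe auto`, so both are worth reviewing once the tunnel is up.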