VPDN on Cisco 877w

I set up a vpn on my router, I can't connect from outside but I can from inside the network, I get IP address assigned from the local pool. I opened gre and tcp 1723, still no connection. Any help will much appreciated.

sh run
Building configuration...

Current configuration : 5603 bytes
!
! Last configuration change at 16:01:07 Manch Fri Jul 17 2009
! NVRAM config last updated at 15:59:39 Manch Fri Jul 17 2009 by mathelize
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Gateway
!
boot-start-marker
boot-end-marker
!
enable secret 5 blabla
!
aaa new-model
!
!
aaa authentication ppp default local
--More-- !
!
aaa session-id common
clock timezone Manch 1
!
dot11 ssid WLAN
vlan 1
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 blabla
!
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1
ip dhcp excluded-address 192.168.1.2
ip dhcp excluded-address 192.168.1.254
ip dhcp excluded-address 192.168.1.10
!
ip dhcp pool WIRELESS
import all
--More-- network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
domain-name mathelize.com
dns-server 208.67.222.222
lease 7
!
!
ip ssh time-out 30
ip ssh authentication-retries 5
!
multilink bundle-name authenticated
vpdn enable
vpdn history failure table-size 30
!
vpdn-group MATHELIZE-VPN
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
l2tp tunnel password 7
!
!
crypto pki trustpoint TP-self-signed-3255672364
--More-- enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3255672364
revocation-check none
rsakeypair TP-self-signed-3255672364
!
!
crypto pki certificate chain TP-self-signed-3255672364
certificate self-signed 01
3082023F 308201A8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33323535 36373233 3634301E 170D3039 30373032 31353232
34305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 32353536
37323336 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100D429 00F97594 F2E1E0C2 EE98A986 27CEEE74 59A9EA8E 1C8B417A 183DF5EA
C2B1E534 A58AA7EA 0ECE9601 A4567734 AA10C959 CE17594C E7C41437 3171BE75
40B725F6 B1FB9C7D F253BA04 4F75C1E9 825B5A82 2B8F9817 3ADD910C B8665049
B69ACE9F 0F2C3BA3 8BCA4313 F20384BF C17F1ED6 EF3BD8A8 83E1F552 5DBE2463
6D670203 010001A3 67306530 0F060355 1D130101 FF040530 030101FF 30120603
551D1104 0B300982 07476174 65776179 301F0603 551D2304 18301680 1410677D
0406F19F 1C7317AD 7E8F9467 30D5BF82 EB301D06 03551D0E 04160414 10677D04
06F19F1C 7317AD7E 8F946730 D5BF82EB 300D0609 2A864886 F70D0101 04050003
81810052 56A6327E F935D658 9CDBDB74 A82B8D2C 9C4521EC D07DF6C2 DEDB23FD
--More-- 6CC4CBED 95B55F86 C4CB947D 19165074 C06BFD7F 2F395887 3FF5A939 D59F0D45
C090131F EE021F99 52446BC2 341EF52E EDF346BD 053AB97B 23E0E679 A09547EA
89404C0D 405DD2E1 0995DA92 6E1F55FE 5BFB619E B10FBF05 A73E99E2 362EBB18 ECF206
quit
!
!
username user privilege 15 password 7 blabla
!
!
!
bridge irb
!
!
!
interface Loopback4
ip address 4.4.4.4 255.255.255.255
!
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
--More-- !
dsl operating-mode auto
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Virtual-Template1
ip unnumbered BVI1
peer default ip address pool MATHELIZE-POOL
ppp encrypt mppe auto required
ppp authentication ms-chap ms-chap-v2
!
interface Dot11Radio0
no ip address
!
encryption vlan 1 mode ciphers tkip
!
ssid WLAN
--More-- !
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
no ip address
ip nat inside
ip virtual-reassembly
bridge-group 1
!
interface Dialer0
description OUTSIDE
ip address negotiated
--More-- ip access-group 102 in
ip nat outside
ip virtual-reassembly
encapsulation ppp
no ip route-cache cef
no ip route-cache
no ip mroute-cache
dialer pool 1
dialer-group 1
no cdp enable
ppp chap hostname username@btinternet.com
ppp chap password 7 blabla
!
interface BVI1
ip address 192.168.1.1 255.255.255.0
ip access-group 100 out
ip nat inside
ip virtual-reassembly
!
router ospf 1
log-adjacency-changes
network 4.4.4.4 0.0.0.0 area 2
network 192.168.1.0 0.0.0.255 area 2
--More-- !
ip local pool MATHELIZE-POOL 192.168.1.192 192.168.1.199
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
ip http server
ip http secure-server
ip nat inside source list 100 interface Dialer0 overload
!
access-list 100 permit ip 192.168.0.0 0.0.255.255 any
access-list 100 permit ip any any
access-list 102 permit gre any any
access-list 102 permit tcp any host 192.168.1.1 eq 1723
access-list 102 permit ip any any
dialer-list 1 protocol ip permit
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
--More-- banner motd ^C
************************************************
LOG ON AND DIE A SLOW & PAINFUL DEATH
************************************************
^C
!
line con 0
password 7 password
logging synchronous
no modem enable
line aux 0
password 7 password
logging synchronous
line vty 0 4
access-class 1 in
exec-timeout 30 0
password 7 password
logging synchronous
transport input telnet ssh
!
scheduler max-task-time 5000
ntp clock-period 17177307
ntp source Dialer0
--More-- ntp server 130.88.200.4
end

Gateway#

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

mathelize

Problem solved, will paste config later to help those who might be in need.

allegiance

mathelize wrote: »

So, no solution from anyone?

What I would try is to set it up using SDM, then once you get that working, look at the configuration at compare.

However if it is working internally but not externally, I would say it's a port forwarding issue or the firewall is blocking it.

mathelize

sh run
Building configuration...

Current configuration : 5395 bytes
!
! Last configuration change at 00:03:36 Manch Sun Jul 19 2009 by mathelize
! NVRAM config last updated at 11:18:37 Manch Sat Jul 18 2009 by mathelize
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Gateway
!
boot-start-marker
boot-end-marker
!
enable secret 5 blabla.
!
aaa new-model
!
!
aaa authentication ppp default local
!
!
aaa session-id common
clock timezone Manch 1
!
dot11 ssid WLAN
vlan 1
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 blabla
!
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.50
ip dhcp excluded-address 192.168.1.1 192.168.1.20
ip dhcp excluded-address 192.168.1.200 192.168.1.210
!
ip dhcp pool WIRELESS
import all
network 192.168.1.0 255.255.255.0
dns-server 208.67.222.222
default-router 192.168.1.1
domain-name mathelize.com
lease 7
!
!
no ip domain lookup
ip ssh time-out 30
ip ssh authentication-retries 5
!
multilink bundle-name authenticated
vpdn enable
!
vpdn-group MATHELIZE-VPN
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
l2tp tunnel password 7
!
!
crypto pki trustpoint TP-self-signed-3255672364
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3255672364
revocation-check none
rsakeypair TP-self-signed-3255672364

username mathelize privilege 15 password 7 blabla
username samuel password 7 blabla
username david password 7 blabla
!
!
!
bridge irb
!
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
dsl operating-mode auto

interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Virtual-Template1
ip unnumbered Dialer0
peer default ip address pool MATHELIZE-POOL
ppp encrypt mppe auto
ppp authentication ms-chap ms-chap-v2
!
interface Dot11Radio0
no ip address
!
encryption vlan 1 mode ciphers tkip
!
ssid WLAN
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
no ip address
ip nat inside
ip virtual-reassembly
bridge-group 1
!
interface Dialer0
description OUTSIDE
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
no ip route-cache cef
no ip route-cache
no ip mroute-cache
dialer pool 1
dialer-group 1
ppp chap hostname blabla@btinternet.com
ppp chap password 7 blabla
!
interface BVI1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip local pool MATHELIZE-POOL 192.168.1.200 192.168.1.210
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
ip http server
ip http secure-server
ip nat inside source list 100 interface Dialer0 overload
!
access-list 1 permit 192.168.0.0 0.0.255.255
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 100 permit ip 192.168.2.0 0.0.0.255 any
dialer-list 1 protocol ip permit
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner motd ^C
************************************************
LOG ON AND DIE A SLOW & PAINFUL DEATH
************************************************
^C
!
line con 0
password 7 blabla
logging synchronous
no modem enable
line aux 0
password 7blabla
logging synchronous
line vty 0 4
access-class 1 in
exec-timeout 30 0
password 7 blabla
logging synchronous
transport input telnet ssh
!
scheduler max-task-time 5000
ntp clock-period 17175001
ntp server 62.112.195.17
ntp server 194.29.130.252
end

Gateway#sh conf

Using 4058 out of 131072 bytes
!
! Last configuration change at 11:04:43 Manch Sat Jul 18 2009 by mathelize
! NVRAM config last updated at 11:18:37 Manch Sat Jul 18 2009 by mathelize
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Gateway
!
boot-start-marker
boot-end-marker
!
enable secret 5 blabla.
!
aaa new-model
!
!
aaa authentication ppp default local
!
aaa session-id common
clock timezone Manch 1
!
dot11 ssid WLAN
vlan 1
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 blabla
!
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.50
ip dhcp excluded-address 192.168.1.1 192.168.1.20
ip dhcp excluded-address 192.168.1.200 192.168.1.210
!
ip dhcp pool WIRELESS
import all
network 192.168.1.0 255.255.255.0
dns-server 208.67.222.222
default-router 192.168.1.1
domain-name mathelize.com
lease 7
!
!
no ip domain lookup
ip ssh time-out 30
ip ssh authentication-retries 5
!
multilink bundle-name authenticated
vpdn enable
!
vpdn-group MATHELIZE-VPN
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
l2tp tunnel password 7
!
!
crypto pki trustpoint TP-self-signed-3255672364
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3255672364
revocation-check none
rsakeypair TP-self-signed-3255672364
!
!
crypto pki certificate chain TP-self-signed-3255672364
certificate self-signed 01 nvram:IOS-Self-Sig#42.cer
!
!
username mathelize privilege 15 password 7blabla
username samuel password 7 blabla
username david password 7 blabla
!
!
!
bridge irb
!
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
dsl operating-mode auto
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Virtual-Template1
ip unnumbered Dialer0
peer default ip address pool MATHELIZE-POOL
ppp encrypt mppe auto
ppp authentication ms-chap ms-chap-v2
!
interface Dot11Radio0
no ip address
!
encryption vlan 1 mode ciphers tkip
!
ssid WLAN
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
no ip address
ip nat inside
ip virtual-reassembly
bridge-group 1
!
interface Dialer0
description OUTSIDE
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
no ip route-cache cef
no ip route-cache
no ip mroute-cache
dialer pool 1
dialer-group 1
ppp chap hostname blabla@btinternet.com
ppp chap password 7 blabla
!
interface BVI1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip local pool MATHELIZE-POOL 192.168.1.200 192.168.1.210
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
ip http server
ip http secure-server
ip nat inside source list 100 interface Dialer0 overload
!
access-list 1 permit 192.168.0.0 0.0.255.255
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 100 permit ip 192.168.2.0 0.0.0.255 any
dialer-list 1 protocol ip permit
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner motd ^C
************************************************
LOG ON AND DIE A SLOW & PAINFUL DEATH
************************************************
^C
!
line con 0
password 7 blabla
logging synchronous
no modem enable
line aux 0
password 7 blabla
logging synchronous
line vty 0 4
access-class 1 in
exec-timeout 30 0
password 7 blabla
logging synchronous
transport input telnet ssh
!
scheduler max-task-time 5000
ntp clock-period 17177950
ntp server 62.112.195.17
ntp server 194.29.130.252
end

Gateway#sh ver

Cisco IOS Software, C870 Software (C870-ADVIPSERVICESK9-M), Version 12.4(11)XJ3, RELEASE SOFTWARE (fc1)
Synched to technology version 12.4(11)T
Technical Support: Cisco - Shortcut
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Wed 25-Apr-07 14:27 by prod_rel_team

ROM: System Bootstrap, Version 12.3(8r)YI4, RELEASE SOFTWARE

Gateway uptime is 1 day, 3 minutes
System returned to ROM by reload at 10:24:27 Manch Sat Jul 18 2009
System restarted at 10:25:16 Manch Sat Jul 18 2009
System image file is "flash:c870-advipservicesk9-mz.124-11.XJ3"
Last reload reason: Reload Command

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
Export Compliance Product Report Application

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco 877W (MPC8272) processor (revision 0x200) with 118784K/12288K bytes of memory.
Processor board ID FCZ11292069
MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x10
4 FastEthernet interfaces
1 ATM interface
1 802.11 Radio
128K bytes of non-volatile configuration memory.
28672K bytes of processor board System flash (Intel Strataflash)

Configuration register is 0x2102

Gateway#