PPTP with Cisco 877W


  • PPTP with Cisco 877W

    I have changed router recently and have found that my XP PPTP client does not now work with the Cisco 877W.

    Basically I connect to a few networks using the XP PPTP VPN facility. This worked fine with the Draytek but just won't authenticate.

    I have looked at Application Security in SDM and ticked the PPTP box but the Authentication process does not happen.

    Any ideas?

  • #2
    Re: PPTP with Cisco 877W

    I have also managed to include on the outbound the following ACL info

    access-list 111 permit tcp any any eq 1723
    access-list 111 permit gre any any

    I thought that this should do it.

    But no dice



    • #3
      Re: PPTP with Cisco 877W

      Hi Darren,

      Are you still experiencing this?

      If so, what is Draytek?

      What kind of authentication are you doing? Local or to a RADIUS server?

      Can you paste in your crypto (VPN) configs?

      Thanks,
      David
      David Davis - Petri Forums Moderator & Video Training Author
      Train Signal - The Global Leader in IT Video Training
      TrainSignalTraining.com - Free IT Training Products
      Personal Websites: HappyRouter.com & VMwareVideos.com



      • #4
        Re: PPTP with Cisco 877W

        I have set up an Easy VPN Server on the 877W but after investigation I think I need to add a NAT entry and some ACLs so that I can connect to the Draytek routers over PPTP.

        ip http server
        ip http authentication local
        ip http secure-server
        ip http timeout-policy idle 60 life 86400 requests 10000
        ip nat inside source static tcp 192.168.10.60 1723 interface Dialer0 1723
        ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
        ip nat inside source static tcp 192.168.10.1 443 interface Dialer0 443
        ip nat inside source static tcp 192.168.10.1 25 interface Dialer0 25
        ip nat inside source static tcp 192.168.10.1 80 interface Dialer0 80
        !
        logging trap debugging
        access-list 1 remark INSIDE_IF=BVI1
        access-list 1 remark SDM_ACL Category=2
        access-list 1 permit 192.168.10.0 0.0.0.255
        access-list 100 remark auto generated by SDM firewall configuration
        access-list 100 remark SDM_ACL Category=1
        access-list 100 permit udp host 192.168.10.1 eq domain any
        access-list 100 deny ip 91.84.41.228 0.0.0.3 any
        access-list 100 deny ip host 255.255.255.255 any
        access-list 100 deny ip 127.0.0.0 0.255.255.255 any
        access-list 100 permit ip any any
        access-list 100 remark PPTP
        access-list 100 permit tcp any any eq 1723
        access-list 100 permit gre any any
        access-list 101 remark auto generated by SDM firewall configuration
        access-list 101 remark SDM_ACL Category=1
        access-list 101 permit ip host 192.168.10.150 192.168.10.0 0.0.0.255
        access-list 101 permit ip host 192.168.10.151 192.168.10.0 0.0.0.255
        access-list 101 permit ip host 192.168.10.152 192.168.10.0 0.0.0.255
        access-list 101 permit ip host 192.168.10.153 192.168.10.0 0.0.0.255
        access-list 101 permit ip host 192.168.10.154 192.168.10.0 0.0.0.255
        access-list 101 permit ip host 192.168.10.155 192.168.10.0 0.0.0.255
        access-list 101 permit ip host 192.168.10.156 192.168.10.0 0.0.0.255
        access-list 101 permit ip host 192.168.10.157 192.168.10.0 0.0.0.255
        access-list 101 permit ip host 192.168.10.158 192.168.10.0 0.0.0.255
        access-list 101 permit ip host 192.168.10.159 192.168.10.0 0.0.0.255
        access-list 101 permit udp any host 91.84.41.229 eq non500-isakmp
        access-list 101 permit udp any host 91.84.41.229 eq isakmp
        access-list 101 permit esp any host 91.84.41.229
        access-list 101 permit ahp any host 91.84.41.229
        access-list 101 permit udp host 212.104.130.65 eq domain any
        access-list 101 permit udp host 212.104.130.9 eq domain any
        access-list 101 permit tcp any host 91.84.41.229 eq www
        access-list 101 permit tcp any host 91.84.41.229 eq smtp
        access-list 101 permit tcp any host 91.84.41.229 eq 443
        access-list 101 permit udp host 212.104.130.65 eq domain host 91.84.41.229
        access-list 101 permit udp host 212.104.130.9 eq domain host 91.84.41.229
        access-list 101 deny ip 192.168.10.0 0.0.0.255 any
        access-list 101 permit icmp any host 91.84.41.229 echo-reply
        access-list 101 permit icmp any host 91.84.41.229 time-exceeded
        access-list 101 permit icmp any host 91.84.41.229 unreachable
        access-list 101 deny ip 10.0.0.0 0.255.255.255 any
        access-list 101 deny ip 172.16.0.0 0.15.255.255 any
        access-list 101 deny ip 192.168.0.0 0.0.255.255 any
        access-list 101 deny ip 127.0.0.0 0.255.255.255 any
        access-list 101 deny ip host 255.255.255.255 any
        access-list 101 deny ip host 0.0.0.0 any
        access-list 101 deny ip any any log
        access-list 101 permit tcp any eq 1723 any eq 1723
        access-list 101 permit gre any any
        access-list 102 remark SDM_ACL Category=4
        access-list 102 permit ip 192.168.10.0 0.0.0.255 any
        access-list 103 remark SDM_ACL Category=2
        access-list 103 deny ip 192.168.10.0 0.0.0.255 host 192.168.10.150
        access-list 103 deny ip 192.168.10.0 0.0.0.255 host 192.168.10.151
        access-list 103 deny ip 192.168.10.0 0.0.0.255 host 192.168.10.152
        access-list 103 deny ip 192.168.10.0 0.0.0.255 host 192.168.10.153
        access-list 103 deny ip 192.168.10.0 0.0.0.255 host 192.168.10.154
        access-list 103 deny ip 192.168.10.0 0.0.0.255 host 192.168.10.155
        access-list 103 deny ip 192.168.10.0 0.0.0.255 host 192.168.10.156
        access-list 103 deny ip 192.168.10.0 0.0.0.255 host 192.168.10.157
        access-list 103 deny ip 192.168.10.0 0.0.0.255 host 192.168.10.158
        access-list 103 deny ip 192.168.10.0 0.0.0.255 host 192.168.10.159
        access-list 103 permit ip 192.168.10.0 0.0.0.255 any
        dialer-list 1 protocol ip permit
        no cdp run
        route-map SDM_RMAP_1 permit 1
        match ip address 103

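Cisco IOS evaluates an extended access list from the top and stops at the first entry that matches, so where the PPTP lines sit in the posted lists decides whether they are ever used. The Python sketch below is an added example, not part of the original thread: it replays the tail of the posted ACL 101 through a first-match evaluator. The function names are hypothetical, only numeric `eq` ports are parsed, and the post does not show which interface or direction the list is applied to.

```python
from ipaddress import IPv4Address as IP
# Tail of ACL 101, copied from the configuration posted above.
ACL_101 = """\
access-list 101 permit tcp any host 91.84.41.229 eq 443
access-list 101 deny ip 192.168.10.0 0.0.0.255 any
access-list 101 deny ip any any log
access-list 101 permit tcp any eq 1723 any eq 1723
access-list 101 permit gre any any
"""
ANY = (0, 0xFFFFFFFF, None)  # (address, wildcard mask where 1 = don't care, port)

def _endpoint(tok):
    # Consume "any" | "host A" | "A WILDCARD", then an optional "eq <numeric port>".
    first = tok.pop(0)
    if first == "any":
        addr, wild = ANY[0], ANY[1]
    elif first == "host":
        addr, wild = int(IP(tok.pop(0))), 0
    else:
        addr, wild = int(IP(first)), int(IP(tok.pop(0)))
    port = None
    if tok[:1] == ["eq"]:
        port = int(tok[1])
        del tok[:2]
    return addr, wild, port

def parse(text):
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if tok[2:3] and tok[2] in ("permit", "deny"):  # skips remark lines
            rest = tok[4:]
            entries.append((line, tok[2], tok[3], _endpoint(rest), _endpoint(rest)))
    return entries

def _hit(spec, ip, port):
    return (int(IP(ip)) | spec[1]) == (spec[0] | spec[1]) and spec[2] in (None, port)

def first_match(entries, proto, src, sport, dst, dport):
    # IOS evaluates an extended ACL top-down and stops at the first matching entry.
    for line, action, p, s, d in entries:
        if p in ("ip", proto) and _hit(s, src, sport) and _hit(d, dst, dport):
            return action, line
    return "deny", "(implicit deny)"

def shadowed(entries):
    # Entries after a catch-all "ip any any" line can never be reached.
    hits = [i for i, e in enumerate(entries) if e[2] == "ip" and e[3] == e[4] == ANY]
    return [e[0] for e in entries[hits[0] + 1:]] if hits else []
```

`shadowed(parse(ACL_101))` returns the two PPTP lines, because they sit below `deny ip any any log`; in the posted ACL 100 the same two lines follow `permit ip any any` and are equally unreachable. The entry `permit tcp any eq 1723 any eq 1723` also matches only when both the source and the destination port are 1723.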