VPN pass-through Cisco 1841

  • VPN pass-through Cisco 1841

    Hi there,

    I have a ZyWALL P1 behind our Cisco 1841 and I'm trying to pass VPN through the Cisco 1841. The ZyWALL P1 is the terminator on the inside network and its IP address is 172.16.178.1. However, the ZyWALL P1 is not our device; it belongs to another agency with which we need to establish a VPN. I can telnet to the ZyWALL but don't know the auth info (password). I'm not a network specialist, so any help is appreciated. Thanks!

    Net map:



    Here is my configuration on Cisco 1841:

    cisco#sh run
    Building configuration...

    Current configuration : 4072 bytes
    !
    version 12.4
    no service pad
    service tcp-keepalives-in
    service tcp-keepalives-out
    service timestamps debug datetime msec localtime show-timezone
    service timestamps log datetime msec localtime show-timezone
    service password-encryption
    service sequence-numbers
    !
    hostname cisco
    !
    boot-start-marker
    boot-end-marker
    !
    security authentication failure rate 3 log
    security passwords min-length 6
    no logging on
    !
    no aaa new-model
    !
    resource policy
    !
    clock timezone CST -1
    clock summer-time CDT recurring
    mmi polling-interval 60
    no mmi auto-configure
    no mmi pvc
    mmi snmp-timeout 180
    ip subnet-zero
    no ip source-route
    ip cef
    !
    !
    ip tcp synwait-time 10
    no ip dhcp use vrf connected
    !
    !
    no ip bootp server
    ip domain name mmmmm
    ip name-server 195.x.x.x
    ip name-server 195.x.x.x
    !
    !
    !
    !
    interface FastEthernet0/0
     description LAN$ES_LAN$
     ip address 10.0.1.1 255.255.255.0
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     ip nat inside
     ip route-cache flow
     duplex auto
     speed auto
     no mop enabled
    !
    interface FastEthernet0/1
     description WAN
     ip address 92.x.x.x 255.255.255.252 secondary
     ip address 80.x.x.x 255.255.255.192
     ip access-group 101 in
     ip verify unicast reverse-path
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     ip nat outside
     ip route-cache flow
     duplex auto
     speed auto
     no mop enabled
    !
    interface Serial0/0/0
     no ip address
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     ip route-cache flow
     shutdown
    !
    ip classless
    ip route 0.0.0.0 0.0.0.0 80.x.x.1
    ip route 10.0.0.0 255.255.255.0 10.0.1.10
    !
    ip http server
    ip http authentication local
    ip nat inside source list AllowNAT interface FastEthernet0/1 overload
    ip nat inside source static udp 10.0.1.10 500 80.x.x.x 500 extendable
    ip nat inside source static tcp 10.0.1.10 1723 80.x.x.x 1723 extendable
    !
    ip access-list extended AllowNAT
     permit tcp any any eq 1723
     permit tcp any any
     permit udp any any eq isakmp
     permit udp any any
     permit ip any any
    !
    no logging trap
    no cdp run
    !
    control-plane
    !
    !
    line con 0
    line aux 0
    line vty 0 4
    !
    scheduler allocate 4000 1000
    end

    Thanks in advance!
    Last edited by mursel; 9th March 2012, 02:10.

  • #2
    Re: VPN pass-through Cisco 1841

    Make sure TCP port 1723 and protocol 47 (GRE) are allowed inbound from the outside.

    Your NAT ACLs are kind of strange as well. You mention no source addresses and just use an "any".
    CCNA, CCNA-Security, CCNP
    CCIE Security (In Progress)



    • #3
      Re: VPN pass-through Cisco 1841

      Your router doesn't seem to have an interface (logical or physical) in the 172.16.0.0 range. So it won't be able to talk to the host 172.16.178.1.

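The checks that replies #2 and #3 make by eye against the posted configuration can be scripted. The following is an added example, not part of the original thread; the function name `audit` is hypothetical, and the sample config is a constructed excerpt in which 203.0.113.2 stands in for the masked public address.

```python
import ipaddress
import re

# Constructed excerpt modelled on the posted config; 203.0.113.2 is a
# documentation address standing in for the masked public address.
CONFIG = """\
interface FastEthernet0/0
 ip address 10.0.1.1 255.255.255.0
 ip nat inside
interface FastEthernet0/1
 ip address 203.0.113.2 255.255.255.192
 ip access-group 101 in
 ip nat outside
ip nat inside source list AllowNAT interface FastEthernet0/1 overload
ip access-list extended AllowNAT
 permit tcp any any eq 1723
 permit ip any any
"""

def audit(config, vpn_host):
    """Return findings for the points raised in replies #2 and #3."""
    findings, nets, acl = [], [], None
    nat_lists = set(re.findall(r"^ip nat inside source list (\S+)", config, re.M))
    for line in config.splitlines():
        w = line.split()
        if w[:2] == ["ip", "address"]:
            try:
                nets.append(ipaddress.ip_network(f"{w[2]}/{w[3]}", strict=False))
            except ValueError:
                pass  # masked address such as 80.x.x.x cannot be parsed
        if w[:3] == ["ip", "access-list", "extended"]:
            acl = w[3]
        elif w[:1] == ["permit"] and acl in nat_lists and w[2:3] == ["any"]:
            findings.append(f"NAT ACL {acl}: source is 'any' in: {line.strip()}")
        elif w[:1] not in (["permit"], ["deny"]):
            acl = None  # left the ACL block
    # Reply #3: the router needs an interface in the VPN terminator's subnet.
    if not any(ipaddress.ip_address(vpn_host) in n for n in nets):
        findings.append(f"no interface subnet contains {vpn_host}")
    # Reply #2: inbound filtering can only be judged if the ACL itself is shown.
    defined = set(re.findall(r"^\s*(?:ip access-list \S+|access-list) (\S+)", config, re.M))
    for name in re.findall(r"ip access-group (\S+) in", config):
        if name not in defined:
            findings.append(f"inbound ACL {name} is applied but not defined in this output")
    return findings

if __name__ == "__main__":
    for finding in audit(CONFIG, "172.16.178.1"):
        print(finding)
```
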


      • #4
        Re: VPN pass-through Cisco 1841

        Can you try not to post any real public IP info, for your own sake. Any fictitious one will do so everyone gets the point.
        Reported to one of the mods for masking.
        Caesar's cipher - 3

        ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

        SFX JNRS FC U6 MNGR



        • #5
          Re: VPN pass-through Cisco 1841

          New screenshot:



          Is this even possible: to NAT this 92.36.x.x on the Cisco to the ZyWALL P1 92.36.x.x?