agrikk
Here's my setup:
I am trying to enable client VPN from the internet using PPTP to allow them access to resources on VLAN2 but I am having problems making it work. If I connect a machine directly to VLAN1, bypassing the router, I get a VPN connection as easy as you please, so the Windows machine is set up correctly.
However, if I try to connect from the internet (from a Windows XP machine) I receive a "Error 721: The remote client did not respond" error message. Clearly the router is not forwarding things correctly, but I can't figure out what.
Here is the router config:
Code:
Lightning#sho run
Building configuration...
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Lightning
!
[stuff removed]
!
!
!
!
!
ip subnet-zero
!
!
!
process-max-time 200
!
interface Ethernet0/0
 description Inside Interface
 ip address 10.1.0.1 255.255.255.0
 ip directed-broadcast
 ip nat inside
!
interface Ethernet1/0
 description Outside Interface
 ip address 99.99.99.100 255.255.255.0
 ip directed-broadcast
 ip nat outside
!
ip nat pool mypool 99.99.99.100 99.99.99.100 prefix-length 30
ip nat inside source list 1 pool mypool overload
ip nat inside source static tcp 10.1.0.10 1723 99.99.99.100 1723 extendable
ip nat inside source static 10.1.0.10 99.99.99.100
ip classless
ip route 0.0.0.0 0.0.0.0 99.99.99.1
no ip http server
!
access-list 1 permit 10.0.0.0 0.255.255.255
!
[stuff removed]
!
no scheduler allocate
end
I added the "ip nat inside source static 10.1.0.10 99.99.99.100" command to try to forward all ports to the VPN server, but even that doesn't work. I can ping hosts on the internet from VLAN2, and I can ping the Windows server interface on VLAN1 from the internet, so routing is set up properly.
I'm missing something.
Here are the results of show ip nat translations:
Code:
Lightning#sho ip nat translations
Pro  Inside global      Inside local    Outside local     Outside global
udp  99.99.99.100:2996  10.1.0.10:2996  192.175.48.1:53   192.175.48.1:53
udp  99.99.99.100:3000  10.1.0.10:3000  192.175.48.1:53   192.175.48.1:53
udp  99.99.99.100:3005  10.1.0.10:3005  192.175.48.1:53   192.175.48.1:53
udp  99.99.99.100:3009  10.1.0.10:3009  192.175.48.1:53   192.175.48.1:53
tcp  99.99.99.100:1723  10.1.0.10:1723  x.y.z.241:1478    x.y.z.241:1478
udp  99.99.99.100:1038  10.1.0.10:1038  192.175.48.42:53  192.175.48.42:53
tcp  99.99.99.100:1723  10.1.0.10:1723  ---               ---
udp  99.99.99.100:1038  10.1.0.10:1038  192.0.34.126:53   192.0.34.126:53
---  99.99.99.100       10.1.0.10       ---               ---
The x.y.z.241 address is the internet-showing interface on my Linksys firewall. The connections on port 53 are connections to DNS servers.
I understand that to make PPTP work I need to open port TCP 1723 and allow GRE (protocol 47), but wouldn't ip nat inside source static 10.1.0.10 99.99.99.100 allow everything through?
The maddening thing is that I had it working when I would forward everything to the VLAN1 interface on the Windows server, but then I powered off my router and now it doesn't work anymore, so I must have lost a configuration somewhere.
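
Added example, not part of the original post: a small Python audit of "show ip nat translations" output that separates whole-host static mappings, static port forwards and live flows, and lists peers with a translated PPTP control connection (TCP 1723). The sample rows are a constructed subset of the table above; the function and field names are my own.

```python
from collections import namedtuple

# Constructed sample: a subset of the rows from the table in the post.
SAMPLE = """\
Lightning#sho ip nat translations
Pro Inside global Inside local Outside local Outside global
udp 99.99.99.100:2996 10.1.0.10:2996 192.175.48.1:53 192.175.48.1:53
tcp 99.99.99.100:1723 10.1.0.10:1723 x.y.z.241:1478 x.y.z.241:1478
tcp 99.99.99.100:1723 10.1.0.10:1723 --- ---
--- 99.99.99.100 10.1.0.10 --- ---
"""

PPTP_CONTROL_PORT = "1723"
Entry = namedtuple("Entry", "proto inside_global inside_local outside_local outside_global")

def parse(text):
    """Return one Entry per translation row; prompt and header lines are skipped."""
    rows = (line.split() for line in text.splitlines())
    return [Entry(*f) for f in rows if len(f) == 5]

def port(addr):
    """Port part of 'address:port', or None for a bare address or '---'."""
    _, sep, p = addr.rpartition(":")
    return p if sep else None

def audit(entries):
    """Group entries by what they expose (hypothetical helper, not an IOS feature)."""
    report = {"exposed_hosts": [], "port_forwards": [],
              "pptp_control_peers": [], "flow_protocols": set()}
    for e in entries:
        if e.proto == "---":
            # Simple static entry: the whole inside address is mapped 1:1,
            # so no port or protocol restriction comes from NAT itself.
            report["exposed_hosts"].append((e.inside_global, e.inside_local))
        elif e.outside_global == "---":
            # Static port entry: only this protocol/port pair is forwarded.
            report["port_forwards"].append((e.proto, e.inside_global, e.inside_local))
        else:
            report["flow_protocols"].add(e.proto)
            if e.proto == "tcp" and port(e.inside_local) == PPTP_CONTROL_PORT:
                report["pptp_control_peers"].append(e.outside_global)
    return report

if __name__ == "__main__":
    for key, value in audit(parse(SAMPLE)).items():
        print(f"{key}: {value}")
```

On the posted table this reports 10.1.0.10 as fully mapped to 99.99.99.100 and a translated TCP 1723 connection from x.y.z.241, while the only flow protocols listed are tcp and udp.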