How to configure Cisco 1720 routers to allow VPN traffic through

I am trying to configure a Cisco 1720 router, running IOS Version 12.1(1), to allow VPN traffic through to an Internal MS RRAS Server, Windows 2003. I have tried to configure the router, but it appears to be blocking GRE, Port 47, protocol.

Part of the configuration I have is the following:
ip nat inside source list 5 interface Serial0 overload
ip nat inside source static tcp 192.168.0.10 1723 xxx.xxx.xxx.xxx extendable
!
access-list 110 permit tcp any host xxx.xxx.xxx.xxx eq 1723
access-list 110 permit tcp any host xxx.xxx.xxx.xxx eq 1721
access-list 110 permit gre any host xxx.xxx.xxx.xxx

What am I missing here, or is it even possible to allow PPTP traffic through this router while using NAT?


Apart from opening the ports, you should also try setting the MTU size. For PPTP VPN connections, you need to open TCP port 1723 for PPTP tunnel maintenance traffic and permit IP Type 47 Generic Routing Encapsulation (GRE) packets for PPTP tunnel data to pass to your RRAS server's IP address. If your ACLs are in order, I would suggest increasing the MTU size to 1524 on all interfaces on the 1720 and the VPN server.

Also check your ACL 5.

This was first published in May 2006
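
The ACL part of the answer can be checked mechanically. The following is an added example, not part of the original question or answer: a small Python first-match evaluator that reports which of the two PPTP flows an ACL fails to permit. The function names are hypothetical, 203.0.113.10 and 198.51.100.7 are documentation addresses standing in for the masked public IP and a remote client, and it assumes numbered extended ACL entries using any/host/wildcard addresses with numeric `eq` destination ports only.

```python
import ipaddress

# Constructed sample: the question's ACL 110 with a documentation address
# (203.0.113.10) standing in for the masked public IP.
SAMPLE_ACL = """\
access-list 110 permit tcp any host 203.0.113.10 eq 1723
access-list 110 permit tcp any host 203.0.113.10 eq 1721
access-list 110 permit gre any host 203.0.113.10
"""

def _take_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard) as ints."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tokens.pop(0)))

def _covers(spec, ip):
    base, wildcard = spec  # wildcard bits set to 1 are "don't care"
    return (base | wildcard) == (int(ipaddress.IPv4Address(ip)) | wildcard)

def first_match(acl_text, acl_id, proto, dst_ip, dst_port=None, src_ip="198.51.100.7"):
    """Return 'permit' or 'deny' for one packet. Entries are evaluated
    top-down, the first match wins, and an implicit deny ends the list."""
    for line in acl_text.splitlines():
        t = line.lower().split()
        if len(t) < 6 or t[0] != "access-list" or t[1] != str(acl_id) or t[2] not in ("permit", "deny"):
            continue  # other ACLs, remarks, unrelated config lines
        action, entry_proto, rest = t[2], t[3], t[4:]
        src, dst = _take_addr(rest), _take_addr(rest)
        if entry_proto not in ("ip", proto):
            continue
        if not (_covers(src, src_ip) and _covers(dst, dst_ip)):
            continue
        if rest[:1] == ["eq"] and int(rest[1]) != dst_port:
            continue
        return action
    return "deny"  # implicit deny at the end of every ACL

def pptp_gaps(acl_text, acl_id, server_ip):
    """List which of the two PPTP flows named in the answer the ACL blocks."""
    needs = {"TCP 1723 (tunnel maintenance)": ("tcp", 1723),
             "GRE, IP protocol 47 (tunnel data)": ("gre", None)}
    return [name for name, (proto, port) in needs.items()
            if first_match(acl_text, acl_id, proto, server_ip, port) != "permit"]
```

An empty list from `pptp_gaps` only means the ACL permits both flows; it says nothing about whether NAT translates them.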
