Q

How to configure Cisco 1720 routers to allow VPN traffic through

Our routing and switching expert, Sudhanshu Gupta, explains how to configure your Cisco 1720 router to allow VPN traffic through to an internal server, in this Ask the Expert answer.

I am trying to configure a Cisco 1720 router, running IOS Version 12.1(1), to allow VPN traffic through to an Internal MS RRAS Server, Windows 2003. I have tried to configure the router, but it appears to be blocking GRE, Port 47, protocol.

Part of the configuration I have is the following:
ip nat inside source list 5 interface Serial0 overload
ip nat inside source static tcp 192.168.0.10 1723 xxx.xxx.xxx.xxx extendable
!
access-list 110 permit tcp any host xxx.xxx.xxx.xxx eq 1723
access-list 110 permit tcp any host xxx.xxx.xxx.xxx eq 1721
access-list 110 permit gre any host xxx.xxx.xxx.xxx

What am I missing here, or is it even possible to allow PPTP traffic through this router while using NAT?

Apart from opening the ports, you should also try setting the MTU size. For PPTP VPN connections, you need to open TCP port 1723 for PPTP tunnel maintenance traffic and permit IP Type 47 Generic Routing Encapsulation (GRE) packets for PPTP tunnel data to pass to your RRAS server's IP address. If your ACLs are in order, I would suggest increasing the MTU size to 1524 on all interfaces on the 1720 and the VPN server.

Also check your ACL 5.

This was first published in May 2006
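The check described in the answer, as an added example that is not part of the original question or answer: a small Python audit that reads extended ACL lines and reports whether TCP 1723 and GRE (IP protocol 47) actually reach the server under first-match evaluation, and which other permits to that host are open beyond those two. It assumes a simplified ACL syntax (source `any`, destination `host x` or `any`, optional `eq port`); the function names are hypothetical and 203.0.113.10 is a documentation address standing in for the masked public IP.

```python
import re

# Constructed sample mirroring the ACL 110 lines in the question.
SAMPLE_CONFIG = """\
access-list 110 permit tcp any host 203.0.113.10 eq 1723
access-list 110 permit tcp any host 203.0.113.10 eq 1721
access-list 110 permit gre any host 203.0.113.10
"""

# Simplified extended-ACL entry: source "any", destination "host x" or "any".
ACE = re.compile(
    r"^access-list\s+(?P<acl>\d+)\s+(?P<action>permit|deny)\s+(?P<proto>\S+)\s+"
    r"any\s+(?:host\s+(?P<host>\S+)|any)(?:\s+eq\s+(?P<port>\d+))?\s*$",
    re.IGNORECASE,
)

# The two flows the answer says PPTP needs.
REQUIRED = {
    "PPTP control (tcp/1723)": ("tcp", 1723),
    "PPTP data (GRE, IP protocol 47)": ("gre", None),
}

def parse_acl(config, acl_id):
    """Return ordered (action, proto, dest_host_or_None, port_or_None) tuples."""
    out = []
    for line in config.splitlines():
        m = ACE.match(line.strip())
        if m and int(m["acl"]) == acl_id:
            proto = m["proto"].lower()
            out.append((m["action"].lower(), "gre" if proto == "47" else proto,
                        m["host"], int(m["port"]) if m["port"] else None))
    return out

def covers(entry, server, proto, port):
    """True if the entry matches traffic of (proto, port) destined to server."""
    _, e_proto, e_host, e_port = entry
    return (e_proto in (proto, "ip") and e_host in (server, None)
            and (e_port is None or e_port == port))

def audit_pptp(config, acl_id, server):
    """Return (missing required flows, permits to server beyond the required ones)."""
    entries = parse_acl(config, acl_id)
    missing = []
    for name, (proto, port) in REQUIRED.items():
        # First matching entry wins; no match falls through to the implicit deny.
        verdict = next((e[0] for e in entries if covers(e, server, proto, port)), "deny")
        if verdict != "permit":
            missing.append(name)
    extra = [e for e in entries if e[0] == "permit" and e[2] == server
             and not any(covers(e, server, p, pt) for p, pt in REQUIRED.values())]
    return missing, extra
```

On the sample, both required flows are permitted and the `eq 1721` entry is reported as an extra opening to review.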
