I am trying to configure a Cisco 1720 router, running IOS Version 12.1(1), to allow VPN traffic through to an Internal MS RRAS Server, Windows 2003. I have tried to configure the router, but it appears to be blocking GRE, Port 47, protocol.
Part of the configuration I have is the following:
IP nat inside source list 5 interface Serial0 overload
IP nat inside source static tcp 192.168.0.10 1723 xxx.xxx.xxx.xxx extendable !
Access-list 110 permit tcp any host xxx.xxx.xxx.xxx eq 1723
Access-list 110 permit tcp any host xxx.xxx.xxx.xxx eq 1721
Access-list 110 permit gre any host xxx.xxx.xxx.xxx
What am I missing here, or is it even possible to allow PPTP traffic through this router while using NAT?
Apart from opening the ports, you should try setting MTU size also. For PPTP VPN connections, you need to open TCP port 1723 for PPTP tunnel maintenance traffic and permit IP Type 47 Generic Routing Encapsulation (GRE) packets for PPTP tunnel data to pass to your RRAS server's IP address. If your ACLs are in order, I would suggest increasing MTU size to 1524 on all interfaces on 1720 and VPN server.
Also check you ACL 5.
Dig deeper on Network Hardware
Related Q&A from Sudhanshu Gupta, Routing and Switching Expert
Unmanaged Linksys switches don't know where to send BootP and DHCP requests. Find out what to do to fix the problem of unmanaged switches and DHCP ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.