Ask the Expert

How to configure Cisco 1720 routers to allow VPN traffic through

I am trying to configure a Cisco 1720 router, running IOS Version 12.1(1), to allow VPN traffic through to an Internal MS RRAS Server, Windows 2003. I have tried to configure the router, but it appears to be blocking GRE, Port 47, protocol.

Part of the configuration I have is the following:
ip nat inside source list 5 interface Serial0 overload
ip nat inside source static tcp 192.168.0.10 1723 xxx.xxx.xxx.xxx extendable
!
access-list 110 permit tcp any host xxx.xxx.xxx.xxx eq 1723
access-list 110 permit tcp any host xxx.xxx.xxx.xxx eq 1721
access-list 110 permit gre any host xxx.xxx.xxx.xxx

What am I missing here, or is it even possible to allow PPTP traffic through this router while using NAT?


Apart from opening the ports, you should also try setting the MTU size. For PPTP VPN connections, you need to open TCP port 1723 for PPTP tunnel maintenance traffic and permit IP Type 47 Generic Routing Encapsulation (GRE) packets for PPTP tunnel data to pass to your RRAS server's IP address. If your ACLs are in order, I would suggest increasing the MTU size to 1524 on all interfaces on the 1720 and the VPN server.

Also check your ACL 5.

This was first published in May 2006
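
One way to confirm that an extended ACL passes both flows the answer lists (TCP 1723 for tunnel maintenance and GRE for tunnel data) is to evaluate it offline with first-match semantics. This is an added example, not part of the original question or answer: 203.0.113.10 stands in for the masked public address, 198.51.100.7 is a constructed client, and the parser assumes only `any`, `host` and wildcard address forms with numeric `eq` destination ports.

```python
import ipaddress

# Constructed sample: the question's ACL 110, with a documentation-range
# address in place of the masked xxx.xxx.xxx.xxx.
SAMPLE_ACL = """\
access-list 110 permit tcp any host 203.0.113.10 eq 1723
access-list 110 permit tcp any host 203.0.113.10 eq 1721
access-list 110 permit gre any host 203.0.113.10
"""

def _addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard) as ints."""
    first = tokens.pop(0)
    if first == "any":
        return (0, 0xFFFFFFFF)
    if first == "host":
        return (int(ipaddress.IPv4Address(tokens.pop(0))), 0)
    return (int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tokens.pop(0))))

def parse_acl(text, number):
    """Return ordered (action, proto, src, dst, dst_port) entries for one ACL."""
    entries = []
    for line in text.splitlines():
        tokens = line.lower().split()
        if tokens[:2] != ["access-list", str(number)]:
            continue
        action, proto, rest = tokens[2], tokens[3], tokens[4:]
        src, dst = _addr(rest), _addr(rest)
        port = int(rest[1]) if rest[:1] == ["eq"] else None
        entries.append((action, proto, src, dst, port))
    return entries

def _match(spec, ip):
    base, wildcard = spec  # wildcard bits set to 1 are "don't care"
    return (int(ipaddress.IPv4Address(ip)) | wildcard) == (base | wildcard)

def permitted(entries, proto, src, dst, dport=None):
    """First matching entry decides; falling off the end is the implicit deny."""
    for action, e_proto, e_src, e_dst, e_port in entries:
        if (e_proto in ("ip", proto) and _match(e_src, src)
                and _match(e_dst, dst) and e_port in (None, dport)):
            return action == "permit"
    return False

def pptp_gaps(entries, server, client="198.51.100.7"):
    """Return the PPTP flows (TCP 1723 control, GRE data) the ACL does not permit."""
    flows = {"tcp/1723": ("tcp", 1723), "gre": ("gre", None)}
    return [name for name, (proto, port) in flows.items()
            if not permitted(entries, proto, client, server, port)]
```

An empty result from `pptp_gaps(parse_acl(SAMPLE_ACL, 110), "203.0.113.10")` means the ACL itself passes both flows, so the remaining checks are the ones the answer names: MTU and ACL 5.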
