How to configure Cisco 1720 routers to allow VPN traffic through

Our routing and switching expert, Sudhanshu Gupta, explains how to configure your Cisco 1720 router to allow VPN traffic through to an internal server, in this Ask the Expert answer.

I am trying to configure a Cisco 1720 router, running IOS Version 12.1(1), to allow VPN traffic through to an Internal MS RRAS Server, Windows 2003. I have tried to configure the router, but it appears to be blocking GRE, Port 47, protocol.

Part of the configuration I have is the following:
ip nat inside source list 5 interface Serial0 overload
ip nat inside source static tcp 1723 xxx.xxx.xxx.xxx extendable
!
access-list 110 permit tcp any host xxx.xxx.xxx.xxx eq 1723
access-list 110 permit tcp any host xxx.xxx.xxx.xxx eq 1721
access-list 110 permit gre any host xxx.xxx.xxx.xxx

What am I missing here, or is it even possible to allow PPTP traffic through this router while using NAT?

Apart from opening the ports, you should also try setting the MTU size. For PPTP VPN connections, you need to open TCP port 1723 for PPTP tunnel maintenance traffic and permit IP Type 47 Generic Routing Encapsulation (GRE) packets for PPTP tunnel data to pass to your RRAS server's IP address. If your ACLs are in order, I would suggest increasing the MTU size to 1524 on all interfaces on the 1720 and the VPN server.

Also check your ACL 5.
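
An added example, not part of the original answer and not Cisco tooling: a small Python check that reads an extended ACL in the form shown in the question and reports whether the two flows the answer names, TCP 1723 and GRE (IP protocol 47), are permitted to the server. The address 192.0.2.10 and all function names are assumptions made for illustration, and only the entry shape used in the question is parsed.

```python
import re

# What the answer says PPTP needs: TCP 1723 (tunnel maintenance) and
# GRE, IP protocol 47 (tunnel data), both to the RRAS server's address.
REQUIRED = [("tcp", 1723), ("gre", None)]
PROTO_NUMBERS = {"6": "tcp", "17": "udp", "47": "gre"}

# Only the entry shape used in the question: any source, "host X" or "any"
# destination, optional "eq <port>". Names below are hypothetical.
ACE = re.compile(
    r"^access-list\s+(?P<num>\d+)\s+(?P<action>permit|deny)\s+(?P<proto>\S+)"
    r"\s+any\s+(?:host\s+(?P<host>\S+)|any)(?:\s+eq\s+(?P<port>\d+))?$",
    re.IGNORECASE)

def parse_acl(config, number):
    """Return the entries of one numbered ACL, in configured order."""
    entries = []
    for line in config.splitlines():
        m = ACE.match(line.strip())
        if m and int(m["num"]) == number:
            proto = m["proto"].lower()
            entries.append({"action": m["action"].lower(),
                            "proto": PROTO_NUMBERS.get(proto, proto),
                            "host": m["host"],  # None means "any"
                            "port": int(m["port"]) if m["port"] else None})
    return entries

def decision(entries, proto, port, dst):
    """First matching entry wins; no match falls to the implicit deny."""
    for e in entries:
        if (e["proto"] in (proto, "ip") and e["host"] in (None, dst)
                and e["port"] in (None, port)):
            return e["action"]
    return "deny"

def audit_pptp(config, number, server):
    """Return (required flows not permitted, permits beyond the required flows)."""
    entries = parse_acl(config, number)
    missing = [f for f in REQUIRED if decision(entries, f[0], f[1], server) != "permit"]
    extra = [(e["proto"], e["port"]) for e in entries
             if e["action"] == "permit" and e["host"] in (None, server)
             and (e["proto"], e["port"]) not in REQUIRED]
    return missing, extra

# Constructed sample: the ACL from the question, with documentation address
# 192.0.2.10 standing in for the masked server address.
SAMPLE = """\
access-list 110 permit tcp any host 192.0.2.10 eq 1723
access-list 110 permit tcp any host 192.0.2.10 eq 1721
access-list 110 permit gre any host 192.0.2.10
"""
```

Calling `audit_pptp(SAMPLE, 110, "192.0.2.10")` returns the flows still blocked and any permits beyond the two the answer lists, so an earlier `deny` that shadows the GRE permit shows up as a missing flow.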

This was last published in May 2006
