
VPN passthrough cisco 1721


The last post in this thread is more than 180 days old. Please create a new post for your request!


Hello everyone,

I have the following problem:

inet<-->cisco1721<--->windows 2003Server (Vpn Server)

The problem is that the connection from outside does not work.

I have forwarded all the necessary ports.

Now I have a problem with the GRE protocol.

How can I configure forwarding for this protocol on the Cisco 1721, VPN passthrough so to speak?

Thanks for your answers.

Regards

Crisirius :confused:


Hi,

you don't need to do NAT for GRE. This is done automatically when you forward TCP port 1723.

If you have an ACL bound to the interface, however, you have to permit GRE there:

access-list 100 permit gre any any
access-list 100 permit tcp any any eq 1723

Regards

Thomas


Hi. Go ahead and post your config.

Mine looks like this:

!
! No configuration change since last restart
! NVRAM config last updated at 15:06:15 CEST Thu Jun 16 2005 by pitt
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Cisco1750
!
logging queue-limit 100
enable password [snip]
!
username pitt password [snip]
memory-size iomem 25
clock timezone MET 1
clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 1:00
aaa new-model
!
!
aaa session-id common
ip subnet-zero
!
!
ip domain name [snip]
ip name-server 194.25.2.129
!
ip cef
vpdn enable
!
vpdn-group pppoe
 request-dialin
  protocol pppoe
!
!
!
!
!
interface Ethernet0
 description connected to Internet
 no ip address
 half-duplex
 pppoe enable
 pppoe-client dial-pool-number 1
 no keepalive
!
interface FastEthernet0
 description connected to EthernetLAN
 ip address 192.168.32.1 255.255.255.0
 ip access-group 100 in
 ip nat inside
 ip tcp adjust-mss 1452
 speed auto
 full-duplex
!
interface Serial0
 no ip address
 shutdown
!
interface Dialer1
 description connected to Internet
 ip address negotiated
 ip access-group 101 in
 ip mtu 1492
 ip nat outside
 encapsulation ppp
 dialer pool 1
 dialer-group 2
 ppp authentication chap pap callin
 ppp chap hostname [snip]
 ppp chap password [snip]
 ppp pap sent-username [snip] password [snip]
!
router rip
 version 2
 passive-interface Dialer1
 network 192.168.32.0
 no auto-summary
!
ip nat inside source static tcp 192.168.32.4 1723 interface dialer1 1723
ip nat inside source route-map nonat interface Dialer1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
!
!
!
access-list 100 permit ip any any
access-list 101 permit gre any any
access-list 101 permit esp any any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any packet-too-big
access-list 101 permit icmp any any echo
access-list 101 permit icmp any any ttl-exceeded
access-list 101 permit udp any eq domain any
access-list 101 permit tcp any eq www any
access-list 101 permit tcp any eq smtp any
access-list 101 permit udp any eq isakmp any
access-list 101 permit udp any any eq isakmp
access-list 101 permit udp any eq non500-isakmp any
access-list 101 permit udp any any eq non500-isakmp
access-list 101 permit udp any eq 3000 any
access-list 101 permit tcp any any eq 1723
access-list 101 permit tcp any eq 1723 any
access-list 101 permit tcp any any eq telnet
access-list 101 permit tcp any eq telnet any
access-list 101 permit tcp any any eq 3389
access-list 101 permit tcp any eq 3389 any
access-list 101 permit tcp any any established
access-list 101 deny ip any any
access-list 133 permit ip 192.168.32.0 0.0.0.255 any
dialer-list 2 protocol ip permit
!
route-map nonat permit 10
 match ip address 133
!
snmp-server community public RO
snmp-server enable traps tty
radius-server authorization permit missing Service-Type
!
line con 0
 exec-timeout 0 0
 password [snip]
line aux 0
line vty 0 4
 exec-timeout 0 0
 password [snip]
!
no scheduler allocate
ntp clock-period 17179871
ntp server 194.25.134.196
end

 

The 2 entries in bold are important.

Regards

Pitt
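
Added example (not part of the original posts): a small first-match evaluator that checks whether an inbound ACL lets both halves of PPTP through, the TCP 1723 control channel and the GRE tunnel. The entries are a subset copied from ACL 101 above; the function names, the restriction to "any" addresses with numeric "eq" ports, and the client source port 50000 are assumptions made for this sketch.

```python
import re

# Subset of ACL 101 from the configuration posted above (order preserved).
ACL_101 = """\
access-list 101 permit gre any any
access-list 101 permit tcp any any eq 1723
access-list 101 permit tcp any eq 1723 any
access-list 101 permit tcp any any established
access-list 101 deny ip any any
"""

# Assumption: only "any" addresses and numeric "eq" ports are handled.
LINE = re.compile(
    r"access-list \d+ (?P<action>permit|deny) (?P<proto>\S+) any"
    r"(?: eq (?P<sport>\d+))? any(?: eq (?P<dport>\d+))?(?P<est> established)?$"
)

def parse(text):
    """Return the ACL entries as dicts, in configuration order."""
    rules = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            rules.append(m.groupdict())
    return rules

def evaluate(rules, proto, sport=None, dport=None, established=False):
    """Top-down first match, as IOS does; returns (action, index of matching entry)."""
    for i, r in enumerate(rules):
        if r["proto"] not in ("ip", proto):
            continue  # "ip" matches every IP protocol, including GRE (47)
        if r["sport"] and r["sport"] != str(sport):
            continue
        if r["dport"] and r["dport"] != str(dport):
            continue
        if r["est"] and not established:
            continue  # "established" only matches TCP segments with ACK or RST set
        return r["action"], i
    return "deny", None  # implicit deny at the end of every ACL

def pptp_passes(rules):
    """PPTP needs both the TCP 1723 control channel and the GRE data channel."""
    control = evaluate(rules, "tcp", sport=50000, dport=1723)[0]  # constructed client port
    tunnel = evaluate(rules, "gre")[0]
    return control == "permit" and tunnel == "permit"

if __name__ == "__main__":
    rules = parse(ACL_101)
    print("with GRE entry:   ", pptp_passes(rules))
    print("without GRE entry:", pptp_passes(rules[1:]))
```

With the GRE entry removed, the control connection on TCP 1723 is still permitted, but the tunnel packets fall through to `deny ip any any`, which matches the symptom described in the first post.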
