Answer the question
In order to leave comments, you need to log in
VPN PPTP not working on Cisco 871 - what mistakes did I make?
There is a Cisco 871 router that needs to be configured so that all traffic from the office leaves via VPN PPTP.
It turned out to configure WAN and LAN
. But all my attempts to connect PPTP do not give anything ((
Here is the config:
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service internal
!
hostname router-hma
!
boot-start-marker
boot-end-marker
!
no logging buffered
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-2657071675
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2657071675
revocation-check none
rsakeypair TP-self-signed-2657071675
!
!
dot11 syslog
ip source-route
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.210
!
ip dhcp pool LOCAL
network 192.168.1.0 255.255.255.0
default-router 192.168.1.100
dns-server 193.238.131.93
!
!
ip cef
ip inspect WAAS flush-timeout 10
ip domain name mydomain
!
!
vpdn enable
!
vpdn-group 1
request-dialin
protocol pptp
rotary-group 0
initiate-to ip 176.116.153.18
!
!
!
archive
log config
hidekeys
!
no spanning-tree vlan 1
no spanning-tree vlan 2
username LOGIN privilege 15 secret 5 PASSWORD
username LOGIN privilege 15 password 7 PASSWORD
username LOGIN privilege 15 password 7 PASSWORD
!
!
ip ssh version 1
!
!
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description $ETH-WAN$
ip address dhcp
ip nat outside
ip nat enable
ip virtual-reassembly
duplex auto
speed auto
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 192.168.1.100 255.255.255.0
ip nat inside
ip nat enable
ip virtual-reassembly
!
interface Dialer0
mtu 1440
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer idle-timeout 0
dialer string 123
dialer string inter.net
dialer vpdn
dialer-group 1
ppp pfc local request
ppp pfc remote apply
ppp encrypt mppe auto
ppp chap hostname LOGIN
ppp chap password 7 PASSWORD
no cdp enable
!
ip default-gateway 192.168.1.100
no ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
! ip dns
server ip nat inside source static tcp
192.168.0.2 3389 interface FastEthernet4 3389 .0.0 255.255.0.0 FastEthernet4 ip route 176.116.153.19 255.255.255.255 FastEthernet4 dhcp ! ip access-list standard INSIDE_NAT permit 192.168.1.0 0.0.0.255 ! access-list 1 permit 192.168.1.0 0.0.0.255
access-list 23 permit 192.168.0.0 0.0.0.255
dialer-list 1 protocol ip permit
!
!
!
route-map INTENET permit 10
match ip address INSDE_NAT
match interface Dialer0
!
route-map LOCAL2 permit 10
match ip address INSDE_NAT
match interface FastEthernet4
!
!
control-plane
!
!
line con 0
logging synchronous
no modem enable
line aux 0
line vty 0 4
access-class 23 in
exec-timeout 60 0
privilege level 15
password 7 1248524244535856
logging synchronous
login local
transport input ssh
!
scheduler max-task-time 5000
end
Answer the question
In order to leave comments, you need to log in
The pptp server address matches the remote peer address, and when establishing a PPP connection, the corresponding "C" route is added to the PPP interface, the solution is "no peer neighbor-route" because we get this address through the WAN.
Ivan : Look at the new config
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service internal
!
hostname router-hma
!
boot-start-marker
boot-end-marker
!
no logging buffered
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-2657071675
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2657071675
revocation-check none
rsakeypair TP-self-signed-2657071675
!
!
dot11 syslog
ip source-route
no ip gratuitous-arps
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.210
!
ip dhcp pool LOCAL
network 192.168.1.0 255.255.255.0
default-router 192.168.1.100
dns-server 193.238.131.93
!
!
ip cef
ip inspect WAAS flush-timeout 10
ip domain name mydomain
!
!
vpdn enable
!
vpdn-group 1
description pptp
request-dialin
protocol pptp
pool-member 1
initiate-to ip<b> 176.116.153.18</b>
!
!
!
archive
log config
hidekeys
!
no spanning-tree vlan 1
no spanning-tree vlan 2
username LOGIN privilege 15 secret 5 $PASS
username LOGIN privilege 15 password 7 PASS
username LOGIN privilege 15 password 7 PASS
!
!
ip ssh version 1
!
!
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description $ETH-WAN$
ip address dhcp
ip nat outside
ip nat enable
ip virtual-reassembly
duplex auto
speed auto
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 192.168.1.100 255.255.255.0
ip nat inside
ip nat enable
ip virtual-reassembly
!
interface Dialer0
mtu 1450
ip address negotiated
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer remote-name 123
dialer idle-timeout 0
dialer string 123
dialer persistent
dialer vpdn
dialer-group 1
ppp pfc local request
ppp pfc remote apply
ppp encrypt mppe auto
ppp chap hostname LOGIN
ppp chap password 7 PASS
ppp ipcp dns request
no cdp enable
!
ip default-gateway 192.168.1.100
no ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
ip dns server
ip nat inside source route-map nonat interface FastEthernet4 overload
ip route 192.168.0.0 255.255.0.0 FastEthernet4 dhcp
ip route 176.116.153.18 255.255.255.255 FastEthernet4 dhcp
!
ip access-list standard INSIDE_NAT
permit 192.168.1.0 0.0.0.255
!
logging origin-id hostname
logging server-arp
access-list 23 permit 192.168.0.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
!
!
!
!
control-plane
!
!
line con 0
logging synchronous
no modem enable
line aux 0
line vty 0 4
access-class 23 in
exec-timeout 60 0
privilege level 15
password 7 PASS
logging synchronous
login local
transport input ssh
!
scheduler max-task-time 5000
ntp server 67.215.65.132
ntp server 91.236.251.12
end
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question