Hey guys. Looking for some help. I've got a problem connecting to a PPTP VPN I set up on the router at work. I can connect, get an address from DHCP, and ping the router's internal address, but not a single host. The router can ping me too. I know it's some kind of routing issue, but I can't figure it out. Any help would be appreciated. I have shortened the config to the parts where I think the problem is; the rest of it is missing or edited because it doesn't play a role in the VPN. Again, any suggestions would be much appreciated.
! Header of a running-config dump. The poster states the listing is shortened and edited,
! so anything "missing" below may simply have been cut from the excerpt.
Building configuration...
Current configuration : 228301 bytes
!
version 12.4
! Millisecond timestamps on debug and log output; helps when correlating VPN session events.
service timestamps debug datetime msec
service timestamps log datetime msec
! Review note: with this off, newly entered `password` strings stay in clear text in the config.
! Type 7 is only obfuscation in any case; `secret` is the stronger form for local accounts.
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
! Local log buffer of 52000 bytes; no remote syslog destination appears in this excerpt.
logging buffered 52000
!
aaa new-model
!
!
! Console/VTY logins and PPP (PPTP) sessions are all authenticated against the local
! `username` database defined further down in this config.
aaa authentication login default local
aaa authentication login local_auth local
aaa authentication ppp default local
!
!
aaa session-id common
clock timezone NewYork -5
! NOTE(review): summer time is set with fixed 2003 dates rather than `recurring`, so
! presumably DST is no longer applied and log timestamps drift by an hour in summer - confirm.
clock summer-time NewYork date Apr 6 2003 2:00 Oct 26 2003 2:00
!
! Global hardening: drop source-routed packets and suppress gratuitous ARPs.
no ip source-route
no ip gratuitous-arps
no ip dhcp use vrf connected
! Exclusions leave 192.168.11.130 - 192.168.11.239 for DHCP leases on the LAN.
! Review note: the PPTP pool `datain` defined later in this config hands out
! 192.168.11.130 - 192.168.11.180, which sits inside that same leasable range, so a
! LAN host and a VPN client can be given the same address. Exclude the VPN range here
! or move the VPN pool to addresses DHCP never leases.
ip dhcp excluded-address 192.168.11.1 192.168.11.129
ip dhcp excluded-address 192.168.11.240 192.168.11.254
!
! LAN DHCP scope: gateway 192.168.11.1, internal DNS first then a public resolver,
! lease time of 0 days 6 hours.
ip dhcp pool local
import all
network 192.168.11.0 255.255.255.0
domain-name csquared.local
default-router 192.168.11.1
dns-server 192.168.11.24 8.8.8.8
lease 0 6
!
!
ip cef
!
!
! BOOTP service disabled (hardening).
no ip bootp server
ip domain name csquared.local
! The router itself resolves names through public resolvers only.
ip name-server 8.8.8.8
ip name-server 4.2.2.4
! CBAC (stateful inspection) settings and the rule set `autosec_inspect`.
! Review note: no `ip inspect autosec_inspect in|out` statement appears on any interface
! in the posted excerpt, so it cannot be told from here whether the rule is applied.
ip inspect audit-trail
! Idle timers: UDP 1800 s, TCP 14400 s (4 hours); long timers keep return paths open longer.
ip inspect udp idle-time 1800
ip inspect dns-timeout 7
ip inspect tcp idle-time 14400
ip inspect name autosec_inspect cuseeme timeout 3600
ip inspect name autosec_inspect ftp timeout 3600
ip inspect name autosec_inspect http timeout 3600
ip inspect name autosec_inspect rcmd timeout 3600
ip inspect name autosec_inspect realaudio timeout 3600
ip inspect name autosec_inspect smtp timeout 3600
ip inspect name autosec_inspect tftp timeout 30
ip inspect name autosec_inspect udp timeout 15
ip inspect name autosec_inspect tcp timeout 3600
! Review note: this enters a 1-second quiet period only after 999 failed logins within
! 30 seconds, which in practice gives no throttling of password guessing. A far lower
! attempt count and a longer block are usual, e.g. (constructed example)
! `login block-for 120 attempts 5 within 60`.
login block-for 1 attempts 999 within 30
!
multilink bundle-name authenticated
!
! Enables VPDN so the router terminates dial-in tunnels itself.
vpdn enable
!
! Accepts incoming PPTP sessions and clones them from Virtual-Template1.
! Review note: PPTP relies on MS-CHAP and MPPE and is widely treated as a legacy protocol
! whose protection is only as strong as the user's password; where the platform allows,
! an IPsec or SSL VPN is the better choice. No restriction on which sources may reach
! this listener is visible in the excerpt - confirm against the full config.
vpdn-group 1
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
!
!
voice-card 0
no dspfarm
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
! Local accounts (values blanked by the poster). Both are privilege 15.
! Review note: `aaa authentication ppp default local` means these same accounts are what
! PPTP users log in with, so as far as this excerpt shows every VPN credential is also a
! full-admin credential. Separate low-privilege accounts for VPN users limit the damage
! of a guessed or leaked VPN password.
! Review note: `password 7` is a reversible encoding, not a hash; anyone who sees the
! config can recover the password. Keep type 7 strings out of public posts.
username hxxxx privilege 15 password 7
! NOTE(review): MS-CHAP needs a password the router can recover, so an account stored as
! `secret 5` presumably cannot authenticate over PPTP - confirm.
username axxxx privilege 15 secret 5
! Configuration change logging, with passwords/keys hidden in the logged commands.
archive
log config
hidekeys
!
vlan internal allocation policy ascending
!
! SSH negotiation timeout of 60 s and 2 authentication retries. No `ip ssh version 2`
! line is visible in the excerpt - confirm the SSH version in the full config.
ip ssh time-out 60
ip ssh authentication-retries 2
!
! Tracking objects 1-4 follow the reachability of probes `rtr 1` - `rtr 4`; the probe
! definitions themselves are not in the posted excerpt.
track 1 rtr 1 reachability
!
track 2 rtr 2 reachability
!
track 3 rtr 3 reachability
!
track 4 rtr 4 reachability
!
! Track 10 is up while object 1 OR object 2 is up; referenced by a tracked default route below.
track 10 list boolean or
object 1
object 2
!
! Track 20 is up while object 3 OR object 4 is up; referenced by the other tracked default route.
track 20 list boolean or
object 3
object 4
!
!
!
!
! Three tunnel interfaces with no address; nothing else about them is shown in the excerpt.
interface Tunnel0
no ip address
!
interface Tunnel1
no ip address
!
interface Tunnel2
no ip address
!
! First WAN uplink (address redacted by the poster), NAT outside.
! Review note: the only ACL bound here is ACL 1 in the outbound direction, and ACL 1 ends
! in `permit any`. No inbound `ip access-group` and no `ip inspect` binding appear on this
! interface in the excerpt, so what protects the router's own services (including the
! PPTP listener) from the Internet cannot be seen here - confirm against the full config.
interface GigabitEthernet0/0
description $ETH-WAN$
ip address 6x.2xx.xx.xx 255.255.255.0
ip access-group 1 out
! Hardening: no ICMP redirects/unreachables, no proxy ARP on the WAN side.
no ip redirects
no ip unreachables
no ip proxy-arp
! NOTE(review): per-packet load sharing across two NAT outside links can send packets of
! one flow out different ISPs with different translated sources - verify this is intended.
ip load-sharing per-packet
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
media-type rj45
no mop enabled
!
! Second WAN uplink (Comcast), NAT outside; same ACL and hardening pattern as above.
! Virtual-Template1 borrows this interface's address via `ip unnumbered`.
interface GigabitEthernet0/1
description Connection to Comcast Modem Port 2$ETH-WAN$
ip address 173.xx.xx.21 255.255.255.248
ip access-group 1 out
no ip redirects
no ip unreachables
no ip proxy-arp
ip load-sharing per-packet
ip nat outside
ip virtual-reassembly
duplex full
speed 100
media-type rj45
no mop enabled
!
!
! Template cloned for every PPTP session accepted by vpdn-group 1.
interface Virtual-Template1
! Borrows the address of the WAN interface Gi0/1, while clients receive addresses from
! the LAN subnet 192.168.11.0/24 (pool `datain`).
! NOTE(review): with clients numbered inside the LAN subnet, LAN hosts will ARP for them
! directly; a common arrangement is to make the template unnumbered to the inside
! interface and have the router answer those ARPs there. The LAN interface is not in the
! posted excerpt, so whether this explains the symptom cannot be confirmed from here.
ip unnumbered GigabitEthernet0/1
no ip redirects
no ip unreachables
no ip proxy-arp
peer default ip address pool datain
! MPPE is mandatory, but `auto` lets the key length be negotiated, so 40-bit is accepted
! as well as 128-bit. `ppp encrypt mppe 128 required` pins the stronger setting.
ppp encrypt mppe auto required
! Both MS-CHAP v1 and v2 are offered; v1 is the weaker of the two. Listing only
! `ms-chap-v2` removes the downgrade path, though v2 still depends entirely on password
! strength, so long random passwords matter for these accounts.
ppp authentication ms-chap ms-chap-v2
!
! Address pools for remote-access clients. SDM_POOL_1 is not referenced anywhere in the
! posted excerpt; `datain` is the pool used by Virtual-Template1.
ip local pool SDM_POOL_1 192.168.21.0 192.168.21.100
! Review note: this range lies inside the LAN subnet and inside the range the DHCP pool
! `local` is free to lease (192.168.11.130 - 192.168.11.239), so duplicate addresses
! between a LAN host and a VPN client are possible.
ip local pool datain 192.168.11.130 192.168.11.180
! Two default routes tied to track 10 / track 20, followed by the same two routes without
! tracking. Review note: the untracked copies stay installed when a tracked uplink fails,
! which presumably defeats the failover the tracking was meant to provide - confirm.
! Review note: the interface addresses above were masked, but these next hops were not;
! when posting a config publicly, redact gateway addresses consistently as well.
ip route 0.0.0.0 0.0.0.0 64.223.153.1 track 10
ip route 0.0.0.0 0.0.0.0 173.14.161.22 track 20
ip route 0.0.0.0 0.0.0.0 64.223.153.1
ip route 0.0.0.0 0.0.0.0 173.14.161.22
! Static routes for three remote networks via the Gi0/1 side next hop.
ip route 10.149.86.0 255.255.255.0 173.xx.xx.22
ip route 10.217.212.0 255.255.255.0 173.xx.xx.22
ip route 157.209.0.0 255.255.0.0 173.xx.xx.22
!
! ACL 1 is bound outbound on both WAN interfaces. The closing `permit any` makes the
! first entry redundant and means this ACL filters nothing.
access-list 1 remark SDM_ACL Category=17
access-list 1 permit 10.0.0.0 0.0.255.255
access-list 1 permit any
! ACL 10 matches the LAN subnet; where it is used is not visible in the excerpt.
access-list 10 permit 192.168.11.0 0.0.0.255
! ACL 100: presumably the NAT selection list (deny = leave untranslated, permit =
! translate), with the deny entries exempting tunnel and VPN-pool traffic - the NAT
! statement that would reference it is not in the excerpt, so confirm.
access-list 100 remark SDM_ACL Category=2
access-list 100 remark IPSec Rule
access-list 100 deny ip 192.168.11.0 0.0.0.255 10.217.212.0 0.0.0.255
access-list 100 remark IPSec Rule
access-list 100 deny ip 192.168.11.0 0.0.0.255 10.150.86.0 0.0.0.255
access-list 100 remark IPSec Rule
access-list 100 deny ip 192.168.11.0 0.0.0.255 10.149.86.0 0.0.0.255
access-list 100 remark TheHartford
! The addresses on the next line were mangled by the poster's redaction.
access-list 100 deny ip host 69.95..xx xx.209.0.0 0.0.255.255 log
access-list 100 deny ip 192.168.11.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 100 deny ip 192.168.11.0 0.0.0.255 192.168.21.0 0.0.0.255
! VPN clients from pool `datain` fall inside 192.168.11.0/24, so they match these entries
! exactly as LAN hosts do.
access-list 100 permit ip 192.168.11.0 0.0.0.255 any
access-list 100 permit ip 192.168.21.0 0.0.0.255 any
! Review note: wildcard 255.255.255.0 ignores the first three octets and fixes the last
! at 0, so this entry matches any address ending in .0 on both sides - it looks like a
! mask entered the wrong way round. Verify what was intended.
access-list 100 permit ip 0.0.0.0 255.255.255.0 0.0.0.0 255.255.255.0
! ACL 102 ends in `permit ip any any`, so it also filters nothing; its binding is not
! shown in the excerpt.
access-list 102 remark SDM_ACL Category=1
access-list 102 permit ip 10.0.0.0 0.0.255.255 any
access-list 102 permit ip any any
! ACL 103: binding not shown in the excerpt. The last entry denies a 192.168.13.0/24
! source that appears nowhere else in the posted config.
access-list 103 remark SDM_ACL Category=18
access-list 103 remark TheHartford
access-list 103 deny ip host 69.xx.xx.9 157.209.0.0 0.0.255.255 log
access-list 103 permit ip 192.168.11.0 0.0.0.255 any
access-list 103 deny ip 192.168.13.0 0.0.0.255 10.149.86.0 0.0.0.255
dialer-list 1 protocol ip permit
! CDP disabled globally, so the router does not advertise itself to neighbours.
no cdp run
!
Building configuration...
Current configuration : 228301 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging buffered 52000
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login local_auth local
aaa authentication ppp default local
!
!
aaa session-id common
clock timezone NewYork -5
clock summer-time NewYork date Apr 6 2003 2:00 Oct 26 2003 2:00
!
no ip source-route
no ip gratuitous-arps
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.11.1 192.168.11.129
ip dhcp excluded-address 192.168.11.240 192.168.11.254
!
ip dhcp pool local
import all
network 192.168.11.0 255.255.255.0
domain-name csquared.local
default-router 192.168.11.1
dns-server 192.168.11.24 8.8.8.8
lease 0 6
!
!
ip cef
!
!
no ip bootp server
ip domain name csquared.local
ip name-server 8.8.8.8
ip name-server 4.2.2.4
! Second copy of the CBAC settings. The inspection rule `autosec_inspect` is defined here,
! but no interface in the posted excerpt applies it.
ip inspect audit-trail
ip inspect udp idle-time 1800
ip inspect dns-timeout 7
ip inspect tcp idle-time 14400
ip inspect name autosec_inspect cuseeme timeout 3600
ip inspect name autosec_inspect ftp timeout 3600
ip inspect name autosec_inspect http timeout 3600
ip inspect name autosec_inspect rcmd timeout 3600
ip inspect name autosec_inspect realaudio timeout 3600
ip inspect name autosec_inspect smtp timeout 3600
ip inspect name autosec_inspect tftp timeout 30
ip inspect name autosec_inspect udp timeout 15
ip inspect name autosec_inspect tcp timeout 3600
! Review note: 999 failures in 30 seconds before a 1-second block is effectively no
! protection against password guessing on a router whose logins use local accounts.
login block-for 1 attempts 999 within 30
!
multilink bundle-name authenticated
!
! The router terminates PPTP dial-in sessions itself and clones Virtual-Template1 for each.
! Review note: PPTP is a legacy remote-access protocol; its security rests on MS-CHAP
! password strength. Prefer IPsec or an SSL VPN where the platform supports it.
vpdn enable
!
vpdn-group 1
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
!
!
voice-card 0
no dspfarm
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
! Local accounts, both privilege 15, values blanked by the poster. Because PPP
! authentication uses the local database, these admin accounts double as VPN logins as
! far as this excerpt shows; dedicated low-privilege VPN accounts are safer.
! `password 7` is a reversible encoding rather than a hash.
username hxxxx privilege 15 password 7
username axxxx privilege 15 secret 5
! Logs configuration changes with secrets hidden.
archive
log config
hidekeys
!
vlan internal allocation policy ascending
!
! SSH timeout 60 s, 2 authentication retries; the SSH version is not shown in the excerpt.
ip ssh time-out 60
ip ssh authentication-retries 2
!
track 1 rtr 1 reachability
!
track 2 rtr 2 reachability
!
track 3 rtr 3 reachability
!
track 4 rtr 4 reachability
!
track 10 list boolean or
object 1
object 2
!
track 20 list boolean or
object 3
object 4
!
!
!
!
interface Tunnel0
no ip address
!
interface Tunnel1
no ip address
!
interface Tunnel2
no ip address
!
interface GigabitEthernet0/0
description $ETH-WAN$
ip address 6x.2xx.xx.xx 255.255.255.0
ip access-group 1 out
no ip redirects
no ip unreachables
no ip proxy-arp
ip load-sharing per-packet
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
media-type rj45
no mop enabled
!
interface GigabitEthernet0/1
description Connection to Comcast Modem Port 2$ETH-WAN$
ip address 173.xx.xx.21 255.255.255.248
ip access-group 1 out
no ip redirects
no ip unreachables
no ip proxy-arp
ip load-sharing per-packet
ip nat outside
ip virtual-reassembly
duplex full
speed 100
media-type rj45
no mop enabled
!
!
! Template for PPTP sessions: unnumbered to WAN interface Gi0/1, clients addressed from
! pool `datain`, which lies inside the LAN subnet 192.168.11.0/24.
! NOTE(review): LAN hosts will ARP directly for clients numbered in their own subnet;
! whether the router answers on the LAN side cannot be seen because the LAN interface is
! not in the posted excerpt - confirm.
interface Virtual-Template1
ip unnumbered GigabitEthernet0/1
no ip redirects
no ip unreachables
no ip proxy-arp
peer default ip address pool datain
! MPPE required, key length negotiated (`auto` also accepts 40-bit).
ppp encrypt mppe auto required
! MS-CHAP v1 is accepted alongside v2; offering only v2 removes the weaker method.
ppp authentication ms-chap ms-chap-v2
!
ip local pool SDM_POOL_1 192.168.21.0 192.168.21.100
! Review note: 192.168.11.130 - 192.168.11.180 is also leasable by the LAN DHCP pool
! (its exclusions stop at .129 and resume at .240), so address conflicts are possible.
ip local pool datain 192.168.11.130 192.168.11.180
! Tracked default routes followed by untracked copies of the same routes; the untracked
! copies presumably keep a failed uplink in the routing table - confirm.
ip route 0.0.0.0 0.0.0.0 64.223.153.1 track 10
ip route 0.0.0.0 0.0.0.0 173.14.161.22 track 20
ip route 0.0.0.0 0.0.0.0 64.223.153.1
ip route 0.0.0.0 0.0.0.0 173.14.161.22
ip route 10.149.86.0 255.255.255.0 173.xx.xx.22
ip route 10.217.212.0 255.255.255.0 173.xx.xx.22
ip route 157.209.0.0 255.255.0.0 173.xx.xx.22
!
access-list 1 remark SDM_ACL Category=17
access-list 1 permit 10.0.0.0 0.0.255.255
access-list 1 permit any
access-list 10 permit 192.168.11.0 0.0.0.255
access-list 100 remark SDM_ACL Category=2
access-list 100 remark IPSec Rule
access-list 100 deny ip 192.168.11.0 0.0.0.255 10.217.212.0 0.0.0.255
access-list 100 remark IPSec Rule
access-list 100 deny ip 192.168.11.0 0.0.0.255 10.150.86.0 0.0.0.255
access-list 100 remark IPSec Rule
access-list 100 deny ip 192.168.11.0 0.0.0.255 10.149.86.0 0.0.0.255
access-list 100 remark TheHartford
access-list 100 deny ip host 69.95..xx xx.209.0.0 0.0.255.255 log
access-list 100 deny ip 192.168.11.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 100 deny ip 192.168.11.0 0.0.0.255 192.168.21.0 0.0.0.255
access-list 100 permit ip 192.168.11.0 0.0.0.255 any
access-list 100 permit ip 192.168.21.0 0.0.0.255 any
access-list 100 permit ip 0.0.0.0 255.255.255.0 0.0.0.0 255.255.255.0
access-list 102 remark SDM_ACL Category=1
access-list 102 permit ip 10.0.0.0 0.0.255.255 any
access-list 102 permit ip any any
access-list 103 remark SDM_ACL Category=18
access-list 103 remark TheHartford
access-list 103 deny ip host 69.xx.xx.9 157.209.0.0 0.0.255.255 log
access-list 103 permit ip 192.168.11.0 0.0.0.255 any
access-list 103 deny ip 192.168.13.0 0.0.0.255 10.149.86.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
!