Is it possible,
I am still searching for an answer. I am trying to VPN to one of my clients' Microsoft 2000 server running VPN across a private address.
What the error is:
Error 721: from Microsoft, I found that error 721 links back to GRE and that PPTP needs to ride on the GRE protocol.
What I have done so far:
Enabled NAT with port forwarding of port 1723 TCP, and I did UDP as well just to see if it would be happy, to no avail.
What I am looking for an answer on, or to know if I can even do it:
I have found ways to enable protocol 47 (GRE) on the 600 series and the PIX firewalls but can find no mention of it on the 1720s; however, I did find mention that the 1720s support IPsec, GRE, L2TP.
Here is a copy of my configuration.
Any ideas, short of getting an ISP that will give you two IP addresses so you can just do a one-to-one NAT to the server, will be greatly appreciated.
Side note: I only have one valid IP address and CANNOT for NO amount of money get another one... I have no idea why.
And it is Frame Relay, not DSL, which is what I originally thought when I heard this:
version 12.0
service timestamps debug datetime
service timestamps log datetime
service password-encryption
!
hostname name
!
logging monitor emergencies
enable secret 0
enable password 7
!
memory-size iomem 25
ip subnet-zero
no ip source-route
ip domain-name newsouth.net
ip name-server 1.1.1.1
ip name-server 1.1.1.2
!
interface Serial0
bandwidth 256
no ip address
no ip directed-broadcast
encapsulation frame-relay IETF
no fair-queue
service-module t1 timeslots 21-24
frame-relay lmi-type ansi
!
interface Serial0.1 point-to-point
ip address 172.16.12.154 255.255.255.252
no ip directed-broadcast
ip nat outside
no cdp enable
frame-relay interface-dlci 5
!
interface Serial1
ip address 10.0.0.1 255.255.255.252
no ip directed-broadcast
ip nat inside
encapsulation ppp
no fair-queue
!
interface FastEthernet0
ip address 192.168.1.254 255.255.255.0
no ip directed-broadcast
ip nat inside
half-duplex
!
ip nat inside source list 1 interface Serial0.1 overload
ip nat inside source static udp 192.168.1.1 88 172.16.12.154 88 extendable
ip nat inside source static udp 192.168.1.1 1723 172.16.12.154 1723 extendable
ip nat inside source static tcp 192.168.1.1 1723 172.16.12.154 1723 extendable
ip nat inside source static tcp 192.168.1.1 1433 172.16.12.154 1433 extendable
ip nat inside source static tcp 192.168.1.1 21 172.16.12.154 21 extendable
ip nat inside source static tcp 192.168.1.1 25 172.16.12.154 25 extendable
ip nat inside source static tcp 192.168.1.1 80 172.16.12.154 80 extendable
ip nat inside source static tcp 192.168.1.1 3389 172.16.12.154 3389 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.12.153
ip route 192.168.2.0 255.255.255.0 10.0.0.2
no ip http server
!
access-list 1 permit any
banner motd ^C
**** This is a secure host! ****
**** Unauthorized access is prohibited! ****
^C
!
line con 0
password 7
login
transport input none
line aux 0
line vty 0 4
password 7
login
!
end
The addresses and names, blah, blah, blah, have been changed to private, but the 172.16.x.x is the one that replaced the one public.
ANY input into this is greatly appreciated.
Duane
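
Added example, not part of the original post: a Python check over static NAT lines copied from the configuration above, showing that the port forwards cover PPTP's TCP 1723 control channel while nothing carries GRE (IP protocol 47), which has no port numbers for a `static tcp|udp` entry to match. The function names and the `server` default are assumptions made for illustration.

```python
import re

# Static NAT lines copied from the configuration posted above.
CONFIG = """\
ip nat inside source list 1 interface Serial0.1 overload
ip nat inside source static udp 192.168.1.1 88 172.16.12.154 88 extendable
ip nat inside source static udp 192.168.1.1 1723 172.16.12.154 1723 extendable
ip nat inside source static tcp 192.168.1.1 1723 172.16.12.154 1723 extendable
ip nat inside source static tcp 192.168.1.1 3389 172.16.12.154 3389 extendable
"""

# What a PPTP server must receive: (IP protocol number, port or None).
# TCP is IP protocol 6; GRE is IP protocol 47 and carries no port numbers.
PPTP_NEEDS = {"control channel": (6, 1723), "tunnelled data (GRE)": (47, None)}
IP_PROTO = {"tcp": 6, "udp": 17}

STATIC_PORT = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) (\S+) (\d+)")
STATIC_HOST = re.compile(
    r"^ip nat inside source static (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)")

def parse_static_nat(config):
    """Return (port_forwards, one_to_one_inside_hosts) found in the text."""
    forwards, one_to_one = [], []
    for line in config.splitlines():
        line = line.strip()
        m = STATIC_PORT.match(line)
        if m:
            proto, inside, _iport, _outside, oport = m.groups()
            forwards.append((IP_PROTO[proto], int(oport), inside))
            continue
        m = STATIC_HOST.match(line)
        if m:
            one_to_one.append(m.group(1))  # inside local address
    return forwards, one_to_one

def pptp_coverage(config, server="192.168.1.1"):
    """Map each PPTP requirement to True/False: does a static entry deliver it?"""
    forwards, one_to_one = parse_static_nat(config)
    whole_host = server in one_to_one  # address-only NAT is not port-bound
    return {
        name: whole_host or any(
            p == proto and prt == port and host == server
            for p, prt, host in forwards)
        for name, (proto, port) in PPTP_NEEDS.items()
    }

if __name__ == "__main__":
    for need, ok in pptp_coverage(CONFIG).items():
        print(f"{need:22} {'forwarded' if ok else 'NOT forwarded'}")
```

The UDP 1723 entry matches neither requirement, which is consistent with it making no difference when it was added.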