
Windows XP VPN with Cisco router

Status
Not open for further replies.

paublo

ISP
Sep 14, 2006
127
US
Hi, wondering if anyone has some pointers on this, which would be great.

Basically I have a Cisco 1601 with no ACLs running NAT.
On the NAT statement I have:

ip nat inside source static tcp 192.168.0.229 1723 209.213.71.50 1723 extendable

ip nat inside source static udp 192.168.0.229 1723 209.213.71.50 1723 extendable

When I try connecting to 192.168.0.229 from the inside on the LAN it works fine. When I try remotely from outside the Cisco router I get as far as verifying username and password, then after a minute I get error 721, which is a GRE error. With that said, I have no ACLs, so GRE packets should be allowed.

What am I doing wrong? Is it the router I'm using, too old? Although I can't see this being the case if everything is opened.

Here's what I see in the Windows log:

A connection between the VPN server and the VPN client xxx.xxx.xxx.xxx has been established, but the VPN connection cannot be completed. The most common cause for this is that a firewall or router between the VPN server and the VPN client is not configured to allow Generic Routing Encapsulation (GRE) packets (protocol 47). Verify that the firewalls and routers between your VPN server and the Internet allow GRE packets. Make sure the firewalls and routers on the user's network are also configured to allow GRE packets. If the problem persists, have the user contact the Internet service provider (ISP) to determine whether the ISP might be blocking GRE packets.
 
First off, are you sure the ports are correct? Second, is 209.213.71.50 the next hop or the outside interface? Third, how are you connecting on the inside? You cannot connect via VPN inside your own LAN, like from one node in your own LAN to another, unless there are multiple routers separating directly connected boundaries...

Burt
 
Burt,

Paublo is assisting me with this, and I'm the one who actually tested internally from my office. I have been reading through the documentation from Cisco and have concluded that GRE is not a supported protocol on my 1601R.

Solution: new router that supports GRE.

Jon
 
According to your config, you are simply allowing port 1723 to pass through the router---the router does not care what GRE is...

Burt
 
Turns out a Cisco 1751 with a newer IOS did the trick.
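
An added example, not part of the thread: a check over a packet capture taken next to the PPTP server that separates the two flows the Windows log refers to, the TCP 1723 control channel and GRE (IP protocol 47), and reports which direction is missing. The client address 198.51.100.7 and all packets are constructed sample data; only 192.168.0.229 comes from the thread.

```python
import socket
import struct

IPPROTO_TCP, IPPROTO_GRE, PPTP_PORT = 6, 47, 1723

def ipv4(proto, src, dst, payload):
    """Build a minimal IPv4 packet (constructed test data, checksum left at 0)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def classify(pkt):
    """Return (kind, dst) for a raw IPv4 packet; kind is 'control', 'gre' or 'other'."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or (pkt[0] & 0x0F) < 5:
        return ("other", None)
    ihl, proto = (pkt[0] & 0x0F) * 4, pkt[9]
    dst, payload = socket.inet_ntoa(pkt[16:20]), pkt[ihl:]
    if len(payload) < 4:
        return ("other", dst)
    a, b = struct.unpack("!HH", payload[:4])
    if proto == IPPROTO_TCP and PPTP_PORT in (a, b):  # a, b = source/destination port
        return ("control", dst)
    # PPTP data uses enhanced GRE: version 1, protocol type 0x880B (PPP)
    if proto == IPPROTO_GRE and (a & 0x7) == 1 and b == 0x880B:
        return ("gre", dst)
    return ("other", dst)

def diagnose(packets, server_ip):
    """Summarise a capture taken on the server side of the NAT router."""
    seen = set()
    for pkt in packets:
        kind, dst = classify(pkt)
        if kind != "other":
            seen.add((kind, "in" if dst == server_ip else "out"))
    if ("control", "in") not in seen:
        return "no PPTP control channel: TCP 1723 is not reaching the server"
    missing = [d for d in ("in", "out") if ("gre", d) not in seen]
    if missing:
        return "control channel up, GRE missing: " + ",".join(missing)
    return "control and GRE seen in both directions"

# Constructed capture: login traffic on TCP 1723 arrives, but no GRE reaches the server.
SERVER, CLIENT = "192.168.0.229", "198.51.100.7"
TCP = lambda s, d: struct.pack("!HHIIBBHHH", s, d, 0, 0, 0x50, 0x18, 8192, 0, 0)
GRE = struct.pack("!HHHHI", 0x3001, 0x880B, 0, 1, 0)
SAMPLE = [ipv4(IPPROTO_TCP, CLIENT, SERVER, TCP(50000, PPTP_PORT)),
          ipv4(IPPROTO_TCP, SERVER, CLIENT, TCP(PPTP_PORT, 50000)),
          ipv4(IPPROTO_GRE, SERVER, CLIENT, GRE)]
print(diagnose(SAMPLE, SERVER))
```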
 