Cisco router 831 PPTP VPN setup

I'm trying to set up a PPTP VPN on a Cisco 831 router. I've got the routers
800-series software configuration guide from the Cisco site but it talks
about IPSEC instead. I came up with a document at Cisco called "Configuring
the Cisco Router and VPN Clients Using PPTP and MPPE. It's pretty close to
what I want but is actually written for a Cisco 2621. So here's what I'm
doing but it doesn't yet work (I'm just typing the main stuff here. The
access-list 111 actually permits a variety of other things as well, such as
icmp, stmp, pop3, www, etc):

vpdn-group 1
description My VPDN remote-access group
request-dialin
protocol pptp
source vpdn-template virtual-template1

interface Ethernet1
description $ETH-WAN$
ip address (our external internet IP address goes here, followed by
subnet mask)
ip access-group 111 in
ip nat outside
no ip mroute-cache
no cdp enable
hold-queue 32 in

interface Virtual-Template1
ip unnumbered Ethernet0
peer default ip address pool PPTP_pool
no keepalive
ppp encrypt mppe auto
ppp authentication pap chap ms-chap

ip local pool PPTP_pool 192.168.1.1 192.168.1.10

access-list 111 permit tcp any any eq 1723
access-list 111 permit gre any any
access-list 111 deny ip any any


I've actually got a working PPTP VPN set up on my PIX 506e, but the command
set on the Cisco 831 router is somewhat different. For example, on the PIX
the VPN username is set up via the command 'vpdn username anyname password
anypassword', but this command doesn't exist on the 831. Instead, I just
create a username/password in general on the 831. By the way, the internal
LAN network for the 831 is 172.16.x.x, 255.255.0.0. One main thing that I'm
doing different on the PIX is:

access-list acl_PPTP permit ip 172.16.0.0 255.255.0.0 192.168.1.0
255.255.255.0
access-list acl_PPTP permit icmp 172.16.0.0 255.255.0.0 192.168.1.0
255.255.255.0
nat (inside) 0 access-list acl_PPTP

My VPN setup on the PIX (only part of it shown here) works great, but I
can't get the Router 831 equivalent working. Can anyone suggest a PDF, web
link, or direct comments as to why the configuration shown at the top of
this posting isn't sufficient? It seems I'm on the right track but am
missing a couple of configuration steps.

Thanks in advance,

Tom Edelbrok











.

Relevant Pages

  • Re: A RAS/VPN "Is it just me?" question
    ... You have a T1 at the office connected to a Cisco ... Then you say you have a Dlink at the office and a Dlink at ... If you are adventurous you could have me try to vpn from one of my ... >> router? ...
    (microsoft.public.windows.server.sbs)
  • Re: VPN IPSEC issue, can you please help?
    ... > and I do have a Linksys router set up with a static IP to the ISP. ... > client VPN. ... > that without unravelling a server configuration that is working> otherwise. ...
    (microsoft.public.windows.server.sbs)
  • Configuring router for VPN passthrough
    ... to VPN requests, and have the laptop configured to connect as a VPN ... The connection made from inside the firewall (directly to the ... I think it has to be the router configuration for VPN ...
    (comp.security.firewalls)
  • Re: VPN IPSEC issue, can you please help?
    ... and I do have a Linksys router set up with a static IP to the ISP. ... client VPN. ... that without unravelling a server configuration that is working otherwise. ...
    (microsoft.public.windows.server.sbs)
  • Re: OT:--CISCO EXPERTS...
    ... boxes and Cisco routers connected to these with X21 cable. ... You mention steep learning curve but if I can just get ino router maybe can ... > want to consider any risk of providing them with an insecure configuration ... >>> Telnet access should also be disabled leaving connection via SSH or ...
    (microsoft.public.windows.server.sbs)