[c-nsp] PPTP behind Cisco 2821
David L. West
nntp at deskoptional.com
Sat Sep 15 10:46:52 EDT 2007
Not sure if this is the right forum to ask, but here goes.

Have a Win2k box that used to sit behind an old AdTran router. Its IP
address at the time was 199.227.61.198. I've moved it to a new site and a
new IP, 67.16.84.14. That IP sits behind a Cisco 2821 router, no firewall
enabled other than the RRAS/NAT on the Windows box itself. The Windows
server can see the outside world, and all other services (RDC, WWW, etc) can
be reached on it as expected.

Here's the problem: VPN connections worked at the old location but don't at
the new. I was trying to figure out if there was some router configuration I
needed to change and did a packet trace. I can see the OLD address coming
up in the trace and can find no reason for this whatever.

You can see at http://home.dlwest.com/bad.jpg this happening: the first
packet comes in from my home machine to the 67.16.84.14 address. Then you
see alternate packets from me to the "new" and "old" IP addresses. The old
address is nowhere in my configuration; not in the VPN connectoid on the
client, not in DNS, not in the registry of either machine. For comparison, a
successful PPTP client connection looks like this:
http://home.dlwest.com/good.jpg.

I'm 99.9% convinced this is an MS issue, but wanted to check with this crowd
to see if there is anything I should be doing on the router that I'm not.

Router config follows.
================================================
Current configuration : 1421 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname rt01-core
!
boot-start-marker
boot-end-marker
!
enable secret 5
!
no aaa new-model
!
ip cef
!
no ip domain lookup
!
multilink bundle-name authenticated
!
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/0.10
 description v010-outside-link-to-citylink [505 314 0890]
 encapsulation dot1Q 10
 ip address 208.50.192.78 255.255.255.248
 no ip unreachables
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/1.2
 description v002-internal-mgt-vlan
 encapsulation dot1Q 2
 ip address 172.16.0.1 255.255.255.0
!
interface GigabitEthernet0/1.20
 description v020-public-ip-inside
 encapsulation dot1Q 20
 ip address 67.16.84.1 255.255.255.240
 no ip unreachables
!
ip default-gateway 208.50.192.73
ip route 0.0.0.0 0.0.0.0 208.50.192.73
ip route 67.16.84.0 255.255.255.0 Null0 15
!
no ip http server
no ip http secure-server
!
control-plane
!
line con 0
line aux 0
line vty 0 4
 exec-timeout 35791 0
 password boofar
 login
line vty 5 15
 exec-timeout 35791 0
 login
!
scheduler allocate 20000 1000
!
webvpn cef
!
!