[c-nsp] PPTP behind Cisco 2821

David L. West nntp at deskoptional.com
Sat Sep 15 10:46:52 EDT 2007


Not sure if this is the right forum to ask, but here goes.

Have a Win2k box that used to sit behind an old AdTran router. Its IP 
address at the time was 199.227.61.198.  I've moved it to a new site and a 
new IP, 67.16.84.14.  That IP sits behind a Cisco 2821 router, no firewall 
enabled other than the RRAS/NAT on the Windows box itself. The Windows 
server can see the outside world, and all other services (RDC, WWW, etc) can 
be reached on it as expected.

Here's the problem: VPN connections worked at the old location but don't at 
the new. I was trying to figure out if there was some router configuration I 
needed to change and did a packet trace.  I can see the OLD address coming 
up in the trace and can find no reason for this whatever.

You can see at http://home.dlwest.com/bad.jpg this happening: the first 
packet comes in from my home machine to the 67.16.84.14 address.  Then you 
see alternate packets from me to the "new" and "old" IP addresses.  The old 
address is nowhere in my configuration; not in the VPN connectoid on the 
client, not in DNS, not in the registry of either machine. For comparison, a 
successful PPTP client connection looks like this: 
http://home.dlwest.com/good.jpg.

I'm 99.9% convinced this is an MS issue, but wanted to check with this crowd 
to see if there is anything I should be doing on the router that I'm not. 
Router config follows.

================================================

Current configuration : 1421 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname rt01-core
!
boot-start-marker
boot-end-marker
!
enable secret 5
!
no aaa new-model
!
ip cef
!
no ip domain lookup
!
multilink bundle-name authenticated
!
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/0.10
 description v010-outside-link-to-citylink [505 314 0890]
 encapsulation dot1Q 10
 ip address 208.50.192.78 255.255.255.248
 no ip unreachables
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/1.2
 description v002-internal-mgt-vlan
 encapsulation dot1Q 2
 ip address 172.16.0.1 255.255.255.0
!
interface GigabitEthernet0/1.20
 description v020-public-ip-inside
 encapsulation dot1Q 20
 ip address 67.16.84.1 255.255.255.240
 no ip unreachables
!
ip default-gateway 208.50.192.73
ip route 0.0.0.0 0.0.0.0 208.50.192.73
ip route 67.16.84.0 255.255.255.0 Null0 15
!
no ip http server
no ip http secure-server
!
control-plane
!
line con 0
line aux 0
line vty 0 4
 exec-timeout 35791 0
 password boofar
 login
line vty 5 15
 exec-timeout 35791 0
 login
!
scheduler allocate 20000 1000

!
webvpn cef
!
!




