Google Answers Logo
View Question
 
Q: Remote Access VPN configuration for a Cisco 837 ADSL router ( No Answer,   2 Comments )
Question  
Subject: Remote Access VPN configuration for a Cisco 837 ADSL router
Category: Computers > Security
Asked by: orbital_mechanic-ga
List Price: $5.00
Posted: 06 Apr 2006 11:40 PDT
Expires: 06 May 2006 11:40 PDT
Question ID: 716197
Hiya-

I'm trying to get a working config for terminating a remote access vpn
on a Cisco 837 router.
It can use either PPTP (preferable) or IPSec. Its just got to work!

Here's what I've done so far, config-wise:
-----------------------------------------------------------------------------

version 12.3
service config
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname (changed)
!
boot-start-marker
boot-end-marker
!
enable secret (changed)
!
no aaa new-model
ip subnet-zero
!
!
ip name-server 194.72.9.34
ip name-server 194.72.9.38
ip audit notify log
ip audit po max-events 100
ip ssh break-string
vpdn enable
!
vpdn-group pptp
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
!
no ftp-server write-enable
no scripting tcl init
no scripting tcl encdir
!
!
!
no crypto isakmp enable
!
!
!
!
interface Ethernet0
ip address 192.168.4.254 255.255.255.0
ip nat inside
hold-queue 100 out
!
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
dsl operating-mode auto
hold-queue 224 in
!
interface FastEthernet1
no ip address
duplex auto
speed auto
!
interface FastEthernet2
no ip address
duplex auto
speed auto
!
interface FastEthernet3
no ip address
duplex auto
speed auto
!
interface FastEthernet4
no ip address
duplex auto
speed auto
!
interface Virtual-Template1
no ip address
peer default ip address pool pptp
ppp encrypt mppe 40
ppp authentication ms-chap
!
interface Dialer0
ip address (external net, /29)
ip access-group 102 in
no ip redirects
no ip unreachables
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname (hostname)
ppp chap password (password)
!
ip local pool pptp 192.168.4.240 192.168.4.245
ip nat inside source list 101 interface Dialer0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
no ip http secure-server
!
!
access-list 101 remark The local LAN.
access-list 101 permit ip 192.168.4.0 0.0.0.255 any
access-list 102 remark traffic allowed in from internet
access-list 102 permit udp any any eq domain
access-list 102 permit tcp any any eq domain
access-list 102 permit udp any eq isakmp any eq isakmp
access-list 102 permit tcp any any eq 1723
access-list 102 permit gre any any
access-list 102 permit icmp any any unreachable
access-list 102 permit icmp any any echo-reply
access-list 102 permit icmp any any packet-too-big
access-list 102 permit icmp any any time-exceeded
access-list 102 permit icmp any any traceroute
access-list 102 permit icmp any any administratively-prohibited
access-list 102 permit icmp any any echo
dialer-list 1 protocol ip permit
!
control-plane
!
!
line con 0
password (changed)
login
no modem enable
transport preferred all
transport output all
line aux 0
transport preferred all
transport output all
line vty 0 4
password (changed)
login
transport preferred all
transport input all
transport output all
!
scheduler max-task-time 5000 

--------------------------------------------------------------------

The problem with the above is: I'm not getting DNS in. I can ping
anything out there, but cant resolve any names. I know the name
servers are out there and working; a basic ADSL config works just
fine.

TIA-

o_m
Answer  
There is no answer at this time.

Comments  
Subject: Re: Remote Access VPN configuration for a Cisco 837 ADSL router
From: taj_420-ga on 23 Apr 2006 09:36 PDT
 
Hey there,
    There are a few ways to set up a vpn with your router 1) static to
static 2)dynamic(client) to static(server) multi client to server. I
think the reason your not able to resolve dns is your static route
statement should be 'ip route 0.0.0.0 0.0.0.0 (default gateway ip
address of your isp)'and ,ip local pool pptp 192.168.4.240
192.168.4.245 change the pptp to your pool list name 101 right now as
far as i can tell your pointing to have the pptp pool as the local
range of addresses. You may also wanto configure a routing protocol
and specify the networks you are directly connected to don't forget
the no auto-summary in your eigrp or rip ver 2 statements. Try that
and see if it helps. My $.02 anyway.
Taj
Subject: Re: Remote Access VPN configuration for a Cisco 837 ADSL router
From: taj_420-ga on 23 Apr 2006 15:18 PDT
 
here's a really good page to check out on cisco's site for vpn's
Taj
http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080455b7d.html#wp1046206

Important Disclaimer: Answers and comments provided on Google Answers are general information, and are not intended to substitute for informed professional medical, psychiatric, psychological, tax, legal, investment, accounting, or other professional advice. Google does not endorse, and expressly disclaims liability for any product, manufacturer, distributor, service or service provider mentioned or any opinion expressed in answers or comments. Please read carefully the Google Answers Terms of Service.

If you feel that you have found inappropriate content, please let us know by emailing us at answers-support@google.com with the question ID listed above. Thank you.
Search Google Answers for
Google Answers  


Google Home - Answers FAQ - Terms of Service - Privacy Policy