I am having trouble tring to connect to our corp lan. I have a windows 2000
vpn server and have verified that it works internally. The problem I face
is setup on the cisco 2611. How do allow gre port 47 to pass through the
router. I believe this is the issue. The Cisco IOS Release is 12.1(5)T9.
When I try to connect from the outside world I get an error message of:
Error 721: The remote computer is not responding. This is after it checks
the password. Any help would be much appreciated. Thanks
Here is my current configuration.
Current configuration : 6236 bytes
!
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname sea-r0
!
logging rate-limit console 10 except errors
enable secret XXXXXXXXXXXXXXXXXXXXXXX
!
memory-size iomem 15
ip subnet-zero
!
!
no ip finger
ip domain-name Company.com
!
ip inspect name x5fw ftp timeout 3600
ip inspect name x5fw http timeout 3600
ip inspect name x5fw realaudio timeout 3600
ip inspect name x5fw smtp timeout 3600
ip inspect name x5fw udp timeout 3600
ip inspect name x5fw tcp timeout 3600
ip audit notify log
ip audit po max-events 100
!
!
!
interface Ethernet0/0
ip address 216.100.100.130 255.255.255.0
ip access-group 124 in
ip nat outside
full-duplex
!
interface Serial0/0
ip address 192.168.10.1 255.255.255.252
ip nat inside
ip inspect x5fw in
!
interface Ethernet0/1
description Company LAN
ip address 192.168.1.254 255.255.255.0
ip access-group 135 in
ip nat inside
ip inspect x5fw in
full-duplex
!
interface Serial0/1
no ip address
shutdown
!
ip nat pool overld 216.100.100.130 216.100.100.130 prefix-length 24
ip nat inside source list 5 pool overld overload
ip nat inside source static udp 192.168.4.127 5632 interface Ethernet0/0 5640
ip nat inside source static tcp 192.168.1.180 1723 interface Ethernet0/0 1723
ip nat inside source static tcp 192.168.1.180 47 interface Ethernet0/0 47
ip nat inside source static tcp 192.168.4.127 5631 interface Ethernet0/0 5639
ip nat inside source static udp 192.168.4.126 5632 interface Ethernet0/0 5638
ip nat inside source static tcp 192.168.4.126 5631 interface Ethernet0/0 5637
ip nat inside source static udp 192.168.4.125 5632 interface Ethernet0/0 5636
ip nat inside source static tcp 192.168.4.125 5631 interface Ethernet0/0 5635
ip nat inside source static tcp 192.168.1.36 3389 interface Ethernet0/0 3389
ip nat inside source static tcp 192.168.1.171 25 interface Ethernet0/0 25
ip nat inside source static tcp 192.168.1.171 80 interface Ethernet0/0 80
ip nat inside source static tcp 192.168.1.171 443 interface Ethernet0/0 443
ip nat inside source static tcp 192.168.1.150 5631 interface Ethernet0/0 5631
ip nat inside source static udp 192.168.1.150 5632 interface Ethernet0/0 5632
ip nat inside source static tcp 192.168.1.125 5631 interface Ethernet0/0 5633
ip nat inside source static udp 192.168.1.125 5632 interface Ethernet0/0 5634
ip nat inside source static 192.168.1.36 216.100.100.133
ip nat inside source static 192.168.1.200 216.100.100.131
ip nat inside source static 192.168.1.202 216.100.100.132
ip classless
ip route 0.0.0.0 0.0.0.0 216.100.100.129
ip route 192.168.4.0 255.255.255.0 Serial0/0
no ip http server
!
access-list 5 permit 192.168.1.0 0.0.0.255
access-list 5 permit 192.168.4.0 0.0.0.255
access-list 5 permit 192.168.10.0 0.0.0.255
access-list 124 permit tcp any host 216.100.100.130 eq telnet
access-list 124 permit tcp any host 216.100.100.130 eq 24
access-list 124 permit tcp any host 216.100.100.130 eq 1723
access-list 124 permit tcp any host 216.100.100.130 eq www
access-list 124 permit tcp any host 216.100.100.130 eq 443
access-list 124 permit tcp any host 216.100.100.130 eq 5000
access-list 124 permit tcp any host 216.100.100.130 eq smtp
access-list 124 permit tcp any host 216.100.100.130 eq 5631
access-list 124 permit udp any host 216.100.100.130 eq 5632
access-list 124 permit tcp any host 216.100.100.130 eq 5633
access-list 124 permit udp any host 216.100.100.130 eq 5634
access-list 124 permit tcp any host 216.100.100.130 eq 5635
access-list 124 permit udp any host 216.100.100.130 eq 5636
access-list 124 permit tcp any host 216.100.100.130 eq 5637
access-list 124 permit udp any host 216.100.100.130 eq 5638
access-list 124 permit tcp any host 216.100.100.130 eq 5639
access-list 124 permit udp any host 216.100.100.130 eq 5640
access-list 124 permit tcp any host 216.100.100.130 eq 3389
access-list 124 permit icmp any host 216.100.100.130
access-list 124 permit tcp any host 216.100.100.131 eq ftp
access-list 124 permit tcp any host 216.100.100.131 eq telnet
access-list 124 permit tcp any host 216.100.100.131 eq www
access-list 124 permit tcp any host 216.100.100.131 eq smtp
access-list 124 permit tcp any host 216.100.100.131 eq 443
access-list 124 permit tcp any host 216.100.100.131 eq 389
access-list 124 permit tcp any host 216.100.100.131 eq 8000
access-list 124 permit tcp any host 216.100.100.131 eq 3389
access-list 124 permit tcp any host 216.100.100.132 eq ftp
access-list 124 permit tcp any host 216.100.100.132 eq telnet
access-list 124 permit tcp any host 216.100.100.132 eq www
access-list 124 permit tcp any host 216.100.100.132 eq smtp
access-list 124 permit tcp any host 216.100.100.132 eq 443
access-list 124 permit tcp any host 216.100.100.132 eq 389
access-list 124 permit tcp any host 216.100.100.132 eq 8000
access-list 124 permit tcp any host 216.100.100.133 eq www
access-list 124 permit tcp any host 216.100.100.133 eq 443
access-list 124 permit tcp any host 216.100.100.133 eq 8080
access-list 124 permit gre any host 216.100.100.130
access-list 124 deny ip any any
access-list 135 permit tcp 192.168.1.0 0.0.0.255 any
access-list 135 permit udp 192.168.1.0 0.0.0.255 any
access-list 135 permit icmp 192.168.1.0 0.0.0.255 any
access-list 135 deny ip any any
access-list 137 permit tcp 192.168.4.0 0.0.0.255 any
access-list 137 permit udp 192.168.4.0 0.0.0.255 any
access-list 137 permit icmp 192.168.4.0 0.0.0.255 any
access-list 137 permit tcp 192.168.10.0 0.0.0.255 any
access-list 137 permit udp 192.168.10.0 0.0.0.255 any
access-list 137 permit icmp 192.168.10.0 0.0.0.255 any
access-list 137 deny ip any any
access-list 155 permit ip 192.168.2.0 0.0.0.255 any
access-list 157 permit icmp any any
banner motd ^C
WARNING: This is a company computer system with access restricted
to those with proper authorization. Authorized parties
are restricted to those functions which have been
assigned to perform work related duties. Any unauthorized
access attempt will be investigated and prosecuted to the
full extent of the law.
If you are not an authorized user, disconnect now.
^C
!
line con 0
transport input none
line 33 64
line aux 0
line vty 0 4
password XXXXXXXXXXXXXXXXXXXXXXXXX
login
!
end
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=69788&t=69788
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
