try
access-list 124 permit gre any host 192.168.1.180 GRE is it's own protocol. -----Original Message----- From: Steve Collins [mailto:[EMAIL PROTECTED] Sent: Thursday, May 29, 2003 9:47 AM To: [EMAIL PROTECTED] Subject: Windows VPN through Cisco 2611 HELP!!! [7:69788] I am having trouble tring to connect to our corp lan. I have a windows 2000 vpn server and have verified that it works internally. The problem I face is setup on the cisco 2611. How do allow gre port 47 to pass through the router. I believe this is the issue. The Cisco IOS Release is 12.1(5)T9. When I try to connect from the outside world I get an error message of: Error 721: The remote computer is not responding. This is after it checks the password. Any help would be much appreciated. Thanks Here is my current configuration. Current configuration : 6236 bytes ! version 12.1 no service single-slot-reload-enable service timestamps debug uptime service timestamps log uptime service password-encryption ! hostname sea-r0 ! logging rate-limit console 10 except errors enable secret XXXXXXXXXXXXXXXXXXXXXXX ! memory-size iomem 15 ip subnet-zero ! ! no ip finger ip domain-name Company.com ! ip inspect name x5fw ftp timeout 3600 ip inspect name x5fw http timeout 3600 ip inspect name x5fw realaudio timeout 3600 ip inspect name x5fw smtp timeout 3600 ip inspect name x5fw udp timeout 3600 ip inspect name x5fw tcp timeout 3600 ip audit notify log ip audit po max-events 100 ! ! ! interface Ethernet0/0 ip address 216.100.100.130 255.255.255.0 ip access-group 124 in ip nat outside full-duplex ! interface Serial0/0 ip address 192.168.10.1 255.255.255.252 ip nat inside ip inspect x5fw in ! interface Ethernet0/1 description Company LAN ip address 192.168.1.254 255.255.255.0 ip access-group 135 in ip nat inside ip inspect x5fw in full-duplex ! interface Serial0/1 no ip address shutdown ! ip nat pool overld 216.100.100.130 216.100.100.130 prefix-length 24 ip nat inside source list 5 pool overld overload ip nat inside source static udp 192.168.4.127 5632 interface Ethernet0/0 5640 ip nat inside source static tcp 192.168.1.180 1723 interface Ethernet0/0 1723 ip nat inside source static tcp 192.168.1.180 47 interface Ethernet0/0 47 ip nat inside source static tcp 192.168.4.127 5631 interface Ethernet0/0 5639 ip nat inside source static udp 192.168.4.126 5632 interface Ethernet0/0 5638 ip nat inside source static tcp 192.168.4.126 5631 interface Ethernet0/0 5637 ip nat inside source static udp 192.168.4.125 5632 interface Ethernet0/0 5636 ip nat inside source static tcp 192.168.4.125 5631 interface Ethernet0/0 5635 ip nat inside source static tcp 192.168.1.36 3389 interface Ethernet0/0 3389 ip nat inside source static tcp 192.168.1.171 25 interface Ethernet0/0 25 ip nat inside source static tcp 192.168.1.171 80 interface Ethernet0/0 80 ip nat inside source static tcp 192.168.1.171 443 interface Ethernet0/0 443 ip nat inside source static tcp 192.168.1.150 5631 interface Ethernet0/0 5631 ip nat inside source static udp 192.168.1.150 5632 interface Ethernet0/0 5632 ip nat inside source static tcp 192.168.1.125 5631 interface Ethernet0/0 5633 ip nat inside source static udp 192.168.1.125 5632 interface Ethernet0/0 5634 ip nat inside source static 192.168.1.36 216.100.100.133 ip nat inside source static 192.168.1.200 216.100.100.131 ip nat inside source static 192.168.1.202 216.100.100.132 ip classless ip route 0.0.0.0 0.0.0.0 216.100.100.129 ip route 192.168.4.0 255.255.255.0 Serial0/0 no ip http server ! access-list 5 permit 192.168.1.0 0.0.0.255 access-list 5 permit 192.168.4.0 0.0.0.255 access-list 5 permit 192.168.10.0 0.0.0.255 access-list 124 permit tcp any host 216.100.100.130 eq telnet access-list 124 permit tcp any host 216.100.100.130 eq 24 access-list 124 permit tcp any host 216.100.100.130 eq 1723 access-list 124 permit tcp any host 216.100.100.130 eq www access-list 124 permit tcp any host 216.100.100.130 eq 443 access-list 124 permit tcp any host 216.100.100.130 eq 5000 access-list 124 permit tcp any host 216.100.100.130 eq smtp access-list 124 permit tcp any host 216.100.100.130 eq 5631 access-list 124 permit udp any host 216.100.100.130 eq 5632 access-list 124 permit tcp any host 216.100.100.130 eq 5633 access-list 124 permit udp any host 216.100.100.130 eq 5634 access-list 124 permit tcp any host 216.100.100.130 eq 5635 access-list 124 permit udp any host 216.100.100.130 eq 5636 access-list 124 permit tcp any host 216.100.100.130 eq 5637 access-list 124 permit udp any host 216.100.100.130 eq 5638 access-list 124 permit tcp any host 216.100.100.130 eq 5639 access-list 124 permit udp any host 216.100.100.130 eq 5640 access-list 124 permit tcp any host 216.100.100.130 eq 3389 access-list 124 permit icmp any host 216.100.100.130 access-list 124 permit tcp any host 216.100.100.131 eq ftp access-list 124 permit tcp any host 216.100.100.131 eq telnet access-list 124 permit tcp any host 216.100.100.131 eq www access-list 124 permit tcp any host 216.100.100.131 eq smtp access-list 124 permit tcp any host 216.100.100.131 eq 443 access-list 124 permit tcp any host 216.100.100.131 eq 389 access-list 124 permit tcp any host 216.100.100.131 eq 8000 access-list 124 permit tcp any host 216.100.100.131 eq 3389 access-list 124 permit tcp any host 216.100.100.132 eq ftp access-list 124 permit tcp any host 216.100.100.132 eq telnet access-list 124 permit tcp any host 216.100.100.132 eq www access-list 124 permit tcp any host 216.100.100.132 eq smtp access-list 124 permit tcp any host 216.100.100.132 eq 443 access-list 124 permit tcp any host 216.100.100.132 eq 389 access-list 124 permit tcp any host 216.100.100.132 eq 8000 access-list 124 permit tcp any host 216.100.100.133 eq www access-list 124 permit tcp any host 216.100.100.133 eq 443 access-list 124 permit tcp any host 216.100.100.133 eq 8080 access-list 124 permit gre any host 216.100.100.130 access-list 124 deny ip any any access-list 135 permit tcp 192.168.1.0 0.0.0.255 any access-list 135 permit udp 192.168.1.0 0.0.0.255 any access-list 135 permit icmp 192.168.1.0 0.0.0.255 any access-list 135 deny ip any any access-list 137 permit tcp 192.168.4.0 0.0.0.255 any access-list 137 permit udp 192.168.4.0 0.0.0.255 any access-list 137 permit icmp 192.168.4.0 0.0.0.255 any access-list 137 permit tcp 192.168.10.0 0.0.0.255 any access-list 137 permit udp 192.168.10.0 0.0.0.255 any access-list 137 permit icmp 192.168.10.0 0.0.0.255 any access-list 137 deny ip any any access-list 155 permit ip 192.168.2.0 0.0.0.255 any access-list 157 permit icmp any any banner motd ^C WARNING: This is a company computer system with access restricted to those with proper authorization. Authorized parties are restricted to those functions which have been assigned to perform work related duties. Any unauthorized access attempt will be investigated and prosecuted to the full extent of the law. If you are not an authorized user, disconnect now. ^C ! line con 0 transport input none line 33 64 line aux 0 line vty 0 4 password XXXXXXXXXXXXXXXXXXXXXXXXX login ! end Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=69808&t=69788 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]