I used to have similar to yours except that I have cable modem and a Linux Firewall instead of ISDN connection and Cisco router connection. Let me guess this straight. Your Win2K server has private IP address correct. In that case, you have to do "port redirection" on the Cisco 2600 router. It's essentially looks like: The router is BRI interface is listening for incoming traffic on port TCP 1723 (which PPTP [Microsoft buggy winblows version of VPN] is running on) and GRE port 47. When the router receive this type of traffic, it will redirect the traffic to your Win2K server, with IP address, for example 192.168.1.100. You have to read the document in regard to the IOS syntax. On you Win98 connection, your VPN connection will point it IP address to 202.157.70.61
On my linux firewall, I use these rules to allow remote users to access the corporate network: /sbin/iptables -A INPUT -p gre --destination-port 47 -j ACCEPT /sbin/iptables -A PREROUTING -t nat -p tcp -d 129.174.1.13 --destination-port 1723 -j DNAT --t o 192.168.1.100:1723 Enjoy ----- Original Message ----- From: "NKP" To: Sent: Wednesday, November 28, 2001 8:49 AM Subject: NAT commands [7:27539] > Hi All > I have the following scenario . > I have a Cisco 2600 router which is connected to the ISDN and I have got a > fixed Ip address from my ISP which is assigned to the bri interface , it is > connecting fine .All the internal addresses are translated on ethernet > on my ethernet I have a Windows 2K server . > I want a remote user to connect to my Win2K server , how should I > configure my router to send the request for authentication to this win2K > server via VPN as it has a translated IP address . > . My remote client is on Win 98 . > > My present router configs are given below > > thanks in advance , > > Navin Parwal > > > > > Router# > Router# > Router#sh run > Building configuration... > > Current configuration: > ! > version 12.0 > service timestamps debug uptime > service timestamps log uptime > no service password-encryption > ! > hostname Router > ! > ! > memory-size iomem 10 > ip subnet-zero > ! > ip dhcp pool local > network 192.168.1.0 255.255.255.0 > default-router 192.168.1.1 > dns-server 12.10.194.34 > ! > isdn switch-type basic-net3 > ! > ! > ! > ! > interface Ethernet0/0 > ip address 192.168.1.1 255.255.255.0 > no ip directed-broadcast > ip nat inside > no cdp enable > no mop enabled > ! > interface Serial0/0 > no ip address > no ip directed-broadcast > no ip mroute-cache > shutdown > no fair-queue > clockrate 64000 > ! > interface BRI0/0 > ip address 202.157.70.61 255.255.255.0 > no ip directed-broadcast > ip nat outside > encapsulation ppp > dialer string 226476 > dialer-group 1 > isdn switch-type basic-net3 > no cdp enable > ppp chap refuse > ppp pap sent-username jbc password > hold-queue 75 in > ! > ip nat inside source list 10 interface BRI0/0 overload > ip classless > ip route 0.0.0.0 0.0.0.0 BRI0/0 > no ip http server > ! > access-list 10 permit any > dialer-list 1 protocol ip permit > ! > ! > line con 0 > transport input none > line aux 0 > line vty 0 4 > login > ! > no scheduler allocate > end Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27543&t=27539 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
