|
Posted by Lasse on March 1, 2007, 3:09 pm
If you were Registered and logged in, you could reply and use other advanced thread options
We have done some investigation. It seems that a GRE packet is send from my
PC. It comes to the Cisco router and is send PAT´et from that. But nothing
of the GRE traffic comes back from the VPN server.
It could mean different:
1. The GRE packet reach the reach the VPN server but the server do not send
anything back.
2. The packet reach the server and is send back to a wrong IP address
because the PAT function on the Cisco router is not doing its function
right.
3. The packet is routed wrong from the VPN server.
Does someone how the NAT/PAT works on a Cisco router (2600 seriers)?.
Which of 1-3 do you THINK is the cause of the malfunction?
Lasse
> Hi,
> well it's looking like the cisco router now we know where that is in the
> setup. Could you post up the full sh run (take out all the sensitive stuff
> and change some IPs)
> I'll help if I can, and I don't want a present from Denmark :)
> simon
> Lasse wrote:
>> Hi Simon,
>>
>> he setup is like this:
>>
>> PC --->Wireless Network ----> Access Server ---> Cisco Router(doing
>> NAT/PAT) ---> Internet ---> VPN Server
>>
>> I have full control of the Wireless Network, Access Server and the Cisco
>> Router.
>>
>> Does that help?.
>>
>> Lasse
>>
>>
>>> Lasse wrote:
>>>> Hi all you gurues;
>>>>
>>>> We have a problem getting access to a VPN server (XPs build in simple
>>>> VPN server) from a wireless hotspot.
>>>>
>>>> A summay looks like this.
>>>>
>>>> 1. We are using XPs biuld in VPN client which use pptp.
>>>>
>>>> 2. I can login on the server from a fixed ADSL connecting.
>>>>
>>>> 3. From the hotspot the following conversion is seen
>>>>
>>>> - Connecting to server
>>>> - Checking username and password
>>>> - After some time: Error 721 The server did not answer...
>>>>
>>>> 4. From a Ethereal dump I can see:
>>>>
>>>> - The PC is talking to the server with pptp/ppp
>>>> - A some point it starts o use a GRE tunnel
>>>> - From that point is seems that the server cannot communicate with
>>>> the PC anymore. The PC send several commands:
>>>> LC Configuration request (7-8 times)
>>>> to the server - but never get an answer and drops the connecting
>>>> after a while.
>>>>
>>>> 5. We are doing a NAT actually PAT translation on a cisco router in the
>>>> network and have an idea that this could be the problem, but we have
>>>> set it up according to Ciscos recommendation for pptp.
>>>>
>>>> Some lines from the router configuration:
>>>>
>>>> access-list 103 deny udp any any eq 135
>>>>
>>>> access-list 103 deny tcp any any eq 135
>>>>
>>>> access-list 103 deny udp any any eq netbios-ss
>>>>
>>>> access-list 103 deny tcp any any eq 139
>>>>
>>>> access-list 103 deny udp any any eq 445
>>>>
>>>> access-list 103 deny tcp any any eq 445
>>>>
>>>> access-list 103 permit ip any any
>>>>
>>>> access-list 103 permit gre any any
>>>>
>>>>
>>>> 6. Have you seen anything linke this before? Or du you have something
>>>> we have to look into?
>>>>
>>>> 7. If someone solves the problem he/she will get a special present from
>>>> Denmark.
>>>>
>>>> Greetings from Denmark
>>>>
>>>> Lasse
>>>>
>>>>
>>> Where is the cisco in this setup, is it on the network where the router
>>> is, if so and adsl clients can connect then it's probably not related to
>>> the problem. Is the wireless hotspot under your control ?
>>
| 
Yahoo! 
Google 
Windows Live 
del.icio.us 
digg 
Netscape 
XML site map