Question

Locked

Cisco 1811: Unable to connect to VPN at work, using passthrough

By stuff ·
I am using a CISCO 1811 ( not the wireless one). I have a cable modem on FA0, before I got this 1811 I was connected using a D Link and I had to configure it for something called VPN passthrough I believe. Now I am unable to connect to my work from home and I have no idea how to fix that, please help. I tried to use SDM but it asked me for the source ip and I do not have that. Thanks

Here is my config file:
Current configuration : 3347 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
!
no aaa new-model
memory-size iomem 15
!
crypto pki trustpoint TP-self-signed-950502357
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-950502357
revocation-check none
rsakeypair TP-self-signed-950502357
!
!
crypto pki certificate chain TP-self-signed-950502357
certificate self-signed 01
3082023C 308201A5 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 39353035 30323335 37301E17 0D303830 39313432 33353833
325A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3935 30353032
33353730 819F300D 06092A86 4886F70D 01010105 000381 00308189 02818100
EB14D5BF CF0B2CD5 9D366FAD 3CA50296 156BA69F 689348F1 E8D03A6E 6BD1FF71
E680FEB8 812E7C91 E3CE2F93 3F518E45 1CC0FAD7 C4600BF9 E422195C 347D1C3A
EEAC213D 7FE3B27D 99F14C48 5609EC97 BA3D8F55 C71E0019 8EA70BF5 13CC7F63
C0AD23D6 C93E27D4 FFDC2703 E217FDB1 6409C6A7 1473DFB2 475C6C78 15FE3F23
02030100 01A36630 64300F06 03551D13 0101FF04 05300301 01FF3011 0603551D
11040A30 08820652 6F757465 72301F06 03551D23 04183016 801495B1 4AF7CADD
AF8B3DA3 B1EE08E6 873F63EA 2C85301D 0603551D 0E041604 1495B14A F7CADDAF
8B3DA3B1 EE08E687 3F63EA2C 85300D06 092A8648 86F70D01 01040500 03818100
06E9572E FEFE1C43 00661755 DE4CCE3E 3D246567 95F34204 8F6B9954 DE9B94EA
1F357DA5 4030CAA2 EE757F33 2E2F5D30 6FA499DD 6B31DBE4 F7F3F4BE ED73DE02
E3559239 D6AC91A9 F98B8280 34ADE4CC AB235204 7CD3504E 745F4527 705A7BF5
C1E3304A 7B527B38 66044EA5 56022666 4194B29B 7E5681C4 9C676A0E 7F64EA53
Quit
dot11 syslog
ip source-route
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool MAIN
import all
network 192.168.1.0 255.255.255.0
dns-server 65.32.1.65 65.32.1.70
default-router 192.168.1.1
!
!
ip cef
no ip domain lookup
!
no ipv6 cef
multilink bundle-name authenticated
!
!
!
username admin privilege 15 password 0 xxxxxxx
!
archive
log config
hidekeys
!
!
!
!
!
interface FastEthernet0
ip address dhcp
ip nat outside
ip virtual-reassembly
ip tcp adjust-mss 1452
duplex auto
speed auto
!
interface FastEthernet1
no ip address
shutdown
duplex auto
speed auto
! !
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip access-group 100 in
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
interface Async1
no ip address
encapsulation slip
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 dhcp
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list 1 interface FastEthernet0 overload
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
control-plane
!
!
line con 0
line 1
modem InOut
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
line vty 0 4
login
!
end

This conversation is currently closed to new comments.

17 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Answers

Collapse -

More info needed

by NetMan1958 In reply to Cisco 1811: Unable to con ...

It sounds like you are talking about NAT traversal. Could you explain a little more about your VPN? What VPN client are you using and what device is it connecting to on the work side?

Collapse -

establish a VPN connection to a remote server

by stuff In reply to More info needed

Thansk for your reply, I am using something called Check Point VPN-1 Secure Client and I am connecting to a VPN server at work which I know nothing about (only the ip where it is located at). Before I was able to connect using a Netgear, then I got a D Link and I remmember I had to configure it to allow the connection. I basically need for the 1811 to allow LAN computer to establish a VPN connection to a remote server. Thanks again

Collapse -

Have you tried

by NetMan1958 In reply to establish a VPN connectio ...

to connect to the VPN yet? If so, what error message(if any) did you get? And last question, does that CheckPoint client have an option to enable NAT traversal?

Collapse -

Error I am getting is

by stuff In reply to Have you tried

When I try to connect, I go through this process:

Checking network connectivity
Preparig connection...
Connecting to gateway...
Gateway not responding
Connection failed

That's basically what I get, but if I connect directly to my main router (D Link) I do not have a problem.

Also I do not have an option to enable NAT tranversal. It does have an option to either Select INI file or to Configure INI file but that it it. The name of the connection is CheckPoint VPN-1 SecureClient

thanks again

Collapse -

I need to make sure I understand

by NetMan1958 In reply to Error I am getting is

how your devices are linked. Does your Cisco 1811 connect directly to the DSL/cable modem or does it connect to the DLink router and the Dlink connects to the cable/dsl modem.

If the Cisco connects through the DLink, have you tried connecting your Cisco directly to the DSL/cable?

Collapse -

Still connected to the D Link

by stuff In reply to I need to make sure I und ...

I still have it connected to the Dlink because I need to access VPN at work, once I am able to do that, then the CISCO will be the primary router. I tried to connected directly but it did not work neither, meaning did not reach the VPN server.

Collapse -

That's going to be hard

by NetMan1958 In reply to Still connected to the D ...

to make work and trouble-shoot because the traffic is being NAT'ed twice. The cisco is performing NAT on the traffic when it passes through it and the DLink is performing NAT when it passes through it. When you are able to be disconnected from work for a while, connect the cisco directly to the DSL/Cable modem and we can then do some accurate trouble-shooting.

Collapse -

Have you tried

by NetMan1958 In reply to establish a VPN connectio ...

to connect to the VPN yet? If so, what error message(if any) did you get? And last question, does that CheckPoint client have an option to enable NAT traversal?

Collapse -

OK I am know connected directly to the cable modem

by stuff In reply to Have you tried

Netman,

I am ready, the 1811 is now connected to my Cable Modem ( I have 2 of them so I connected my laptop PC to the other one. Let me know if you have any sugestions, thanks

Collapse -

Let's start with this

by NetMan1958 In reply to OK I am know connected di ...

Run this command on the cisco:
sh int fa0
look for the ip address in the output. Make sure it is a routable ip; that is it isn't within one of the following ranges:
10.x.x.x
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255
169.x.x.x

If we pass that test see if you can ping the ip address of your VPN server at work (you may not be able to because they are filtering pings there, but if we can that is a good sign).
Also try to connect via the VPN client and see if you get the same error message.

Back to Networks Forum
17 total posts (Page 1 of 2)   01 | 02   Next

Related Discussions

Related Forums