Cisco 1811: Unable to connect to VPN at work, using passthrough

By stuff ·
I am using a CISCO 1811 (not the wireless one). I have a cable modem on FA0. Before I got this 1811 I was connected using a D-Link, and I had to configure it for something called VPN passthrough, I believe. Now I am unable to connect to my work from home and I have no idea how to fix that, please help. I tried to use SDM but it asked me for the source IP and I do not have that. Thanks

Here is my config file:
Current configuration : 3347 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
!
no aaa new-model
memory-size iomem 15
!
crypto pki trustpoint TP-self-signed-950502357
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-950502357
revocation-check none
rsakeypair TP-self-signed-950502357
!
!
crypto pki certificate chain TP-self-signed-950502357
certificate self-signed 01
Quit
dot11 syslog
ip source-route
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool MAIN
import all
network 192.168.1.0 255.255.255.0
dns-server 65.32.1.65 65.32.1.70
default-router 192.168.1.1
!
!
ip cef
no ip domain lookup
!
no ipv6 cef
multilink bundle-name authenticated
!
!
!
username admin privilege 15 password 0 xxxxxxx
!
archive
log config
hidekeys
!
!
!
!
!
interface FastEthernet0
ip address dhcp
ip nat outside
ip virtual-reassembly
ip tcp adjust-mss 1452
duplex auto
speed auto
!
interface FastEthernet1
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip access-group 100 in
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
interface Async1
no ip address
encapsulation slip
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 dhcp
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list 1 interface FastEthernet0 overload
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
control-plane
!
!
line con 0
line 1
modem InOut
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
line vty 0 4
login
!
end

All Answers

Good News / Bad News

by stuff In reply to Let's start with this

Netman,

Let me start by saying that I have 2 cable modems: one is giving me a 172.16.0... IP, the other one has a static IP, but when I configure the FA0 with the static info (x.x.x.x/30) I lose connection to the outside. I think I would have to change something in the vlan1 or NAT but I am not sure what...

Not a problem

by NetMan1958 In reply to Good News / Bad News

When using a static ip you need to change the default route to point to the ISP's gateway. So this:
ip route 0.0.0.0 0.0.0.0 dhcp
needs to be:
ip route 0.0.0.0 0.0.0.0 xx.xx.xx.xx
where the X's are replaced with the IP address of the router at your ISP. You should have received that info from your ISP. Alternatively, this will sometimes work:
ip route 0.0.0.0 0.0.0.0 fa0

Try one of those and let me know.

Oh yeah

by NetMan1958 In reply to Good News / Bad News

Also, with a /30 mask your gateway will either be +1 or -1 from your static IP since there are only 2 usable IPs with a /30. So, if your static IP is xx.xx.xx.10 your gateway will be xx.xx.xx.9 or xx.xx.xx.11.

OK I am there

by stuff In reply to Good News / Bad News

I am configured now with a static IP. I have the Cisco connected to the cable modem, also I have the D-Link connected to the FA0 and my laptop (from work) is connected to the D-Link via wireless, and guess what, I was able to log into the VPN client. Why was it that I could not do so when it was all the way around???

Thanks for your help, I really appreciate it!

VPN through NAT

by NetMan1958 In reply to Good News / Bad News

can be a tricky thing. Mostly what I was interested in doing was eliminating the D-Link (since I don't know much about their stuff, and because your goal was to use the Cisco) and then making the VPN work going through the Cisco. It looks like we got lucky and killed 2 birds with 1 stone.

Sometime when you have time, google ipsec/vpn nat traversal and look for an article that discusses the methods used to get VPN traffic across NAT boundaries. It's rather involved, but part of the problem is that NAT changes the source port of a packet in addition to the IP address, and then you throw in some of the packets getting fragmented, plus VPN clients are not all alike. It all adds up to cause problems.
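
An added example, not part of the original thread, of the NAT-traversal mechanics the reply above points to: native ESP (IP protocol 50) carries no port for an overloaded NAT to rewrite, so NAT-T (RFC 3948) wraps ESP and IKE in UDP 4500. The sketch classifies packet tuples the way you would when checking a capture for whether a client negotiated NAT-T; the sample packets are constructed and every function name is this example's own.

```python
import struct

PROTO_UDP, PROTO_ESP = 17, 50
IKE_PORT, NATT_PORT = 500, 4500
NON_ESP_MARKER = b"\x00\x00\x00\x00"   # RFC 3948: prefixes IKE on UDP 4500

def parse_ike_header(data):
    """Decode the fixed 28-byte IKE header that follows any marker."""
    if len(data) < 28:
        raise ValueError("truncated IKE header")
    i_spi, _r_spi, _np, ver, exch, _flags, _mid, length = struct.unpack(
        "!8s8sBBBBII", data[:28])
    return {"initiator_spi": i_spi.hex(), "version": f"{ver >> 4}.{ver & 15}",
            "exchange_type": exch, "length": length}

def classify(proto, sport, dport, payload):
    """Return (kind, detail) for one packet of a VPN client's traffic."""
    if proto == PROTO_ESP:
        # Native ESP has no ports, so PAT ("overload") has nothing to rewrite.
        return "esp-native", {"spi": payload[:4].hex()}
    if proto != PROTO_UDP:
        return "other", {}
    if IKE_PORT in (sport, dport):
        return "ike", parse_ike_header(payload)
    if NATT_PORT in (sport, dport):
        if payload == b"\xff":
            return "nat-keepalive", {}          # keeps the NAT mapping alive
        if payload[:4] == NON_ESP_MARKER:
            return "ike-natt", parse_ike_header(payload[4:])
        return "esp-in-udp", {"spi": payload[:4].hex()}
    return "other", {}

def summarize(packets):
    """Count packet kinds and say whether NAT traversal was negotiated."""
    counts = {}
    for pkt in packets:
        kind, _ = classify(*pkt)
        counts[kind] = counts.get(kind, 0) + 1
    natt = bool(counts.get("esp-in-udp") or counts.get("ike-natt"))
    return counts, natt

# Constructed sample traffic (not captured from the poster's network).
IKE = bytes.fromhex("1122334455667788") + bytes(8) + bytes([33, 0x20, 34, 8]) \
      + struct.pack("!II", 0, 28)
ESP = bytes.fromhex("c0ffee01") + struct.pack("!I", 1) + bytes(16)
SAMPLE = [(PROTO_UDP, 1025, IKE_PORT, IKE),
          (PROTO_UDP, 1025, NATT_PORT, NON_ESP_MARKER + IKE),
          (PROTO_UDP, 1025, NATT_PORT, ESP),
          (PROTO_UDP, 1025, NATT_PORT, b"\xff")]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A capture that shows only `esp-native` from a client behind an overloaded NAT means NAT-T was not negotiated, which is the case where the NAT device itself has to handle ESP.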

thanks man

by stuff In reply to establish a VPN connectio ...

I really appreciate it. I am going to check that information. I am in the process of learning all this stuff. I can configure routers like Netgear, Linksys, D-Link, Motorola all day long, but CISCO, I am just starting, and I need to because I am a technical specialist for the local cable company (that's why I have 2 modems and I can configure them as I please, static or dynamic) and I have been installing commercial modems, worked with fiber and commercial digital phone, but we are heading straight to IP trunking (for commercial business phone) so I better get to it. I am sure I will see you again, I am working on my CCNA and asking a lot of questions as I go. Thanks for all your help and for sharing your knowledge.

You are very welcome

by NetMan1958 In reply to thanks man

and since you are working on Cisco certs, you might be interested in checking out Chris Bryant's materials. I've used his materials along the way and they are very good. I especially recommend his video boot camps.
http://www.thebryantadvantage.com

http://www.thebryantadvantage.com/CCNA%20Store.htm
