Cisco 2514 pptp VPN server and NAT gateway

By b8bandy
Hi everyone:

Currently I'm setting up a Cisco 2514 as my NAT gateway at home. Its ethernet0 is connected to the internet and ethernet1 is connected to my LAN. Its IOS is c2500-JK8OS-L.12.2. I believe this IOS supports encryption, so I'm trying to add VPN functionality to my Cisco 2514 so that I can remotely access my LAN resources.
I have read several VPN materials from the internet. Below is one of the tutorials I have read.

I have followed every step of the tutorial and created a VPN client on my Win2k machine using PPTP as the connection. When I try to connect the client to the VPN server, the client side keeps saying it can't be connected.

However, I just couldn't make the PPTP VPN connection work to access my LAN from the internet. So I would like to ask all the network professionals: is it impossible to set up a VPN server on a NAT gateway? The VPN only works when I turn off the NAT function by canceling NAT out on my ethernet0. By the way, my internet is on 24/7 and the machines on my LAN have no problem accessing the internet.

Would any of you like to help me out, or have a look at my config for correction?

Thank you very much and have a good day.

hostname 22SHALLOWFORD
logging rate-limit console 10 except errors
enable secret 5 $1$t1/B$6lzwVVMM0wDHYfPyrAKmN/
ip subnet-zero
no ip finger

vpdn enable
vpdn-group VPN
protocol pptp
virtual-template 1

aaa new-model
aaa authentication ppp default local
username client password 0 testclient

ip local pool vpnpool

interface Virtual-Template1
ip unnumbered Ethernet1
encapsulation ppp
peer default ip address pool vpnpool
no keepalive
ppp encrypt mppe 40 re
ppp authentication ms-chap

ip name-server
ip name-server
ip dhcp excluded-address

ip dhcp pool lan
import all
no ip dhcp-client network-discovery
interface Ethernet0
description this connects to the ISP
mac-address 0017.4235.dcc2
ip address dhcp
ip nat outside
no ip mroute-cache
interface Ethernet1
description this connects to the LAN
ip address
ip nat inside
no ip mroute-cache
interface Serial0
no ip address
interface Serial1
no ip address
ip kerberos source-interface any
ip nat inside source list 101 interface Ethernet0 overload
ip classless
ip http server
access-list 101 permit ip any any
banner motd ^CCCC

Unauthorized Use Is Prohibited

All access to this device and network are logged. If
you do not own this device or have access you

must disconnect immediately

line con 0
transport input none
line aux 0
transport input all
line vty 0 4
password class
ntp clock-period 17179729
ntp server key 0 prefer
ntp server
ntp server
ntp server
