VPN setup with Cisco router and Windows 2000 or XP clients
Problem: Windows 95, 98 and NT all required separate third-party software to provide Virtual Private Network (VPN) connections. Windows 2000 and newer cannot run these products and instead rely on their own proprietary solutions, which, unfortunately, are nearly impossible to set up. Here's how we did it.
Solution: On the router, you need an IOS image that supports Virtual Private Dialup Networking (VPDN).
ROUTER CONFIGURATION
! Substitute with actual username(s) and password(s):
username [username] password 0 [password]
vpdn enable
no vpdn logging
! These IP addresses will be dynamically assigned to clients:
ip local pool RTP-POOL 192.168.101.1 192.168.101.254
vpdn-group 1
 ! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1
 local name cisco_pns
!
interface Virtual-Template1
 ! Clients will connect to the following physical interface:
 ip unnumbered Ethernet0
 ip mroute-cache
 no keepalive
 peer default ip address pool RTP-POOL
 ppp encrypt mppe 40
 ppp authentication ms-chap
CLIENT CONFIGURATION
This walkthrough describes Windows 2000. The XP setup is probably different since MS likes to play games with us, but you should be able to figure it out.
- Right-click on "My network connections" and click Properties
- Double-click on "New connection"
- Click Next, select "Connect to private network via Internet"
- If you want the VPN connection to automatically dial up an ISP for you, select this. Otherwise, select the first option.
- Enter the IP address of your Cisco router (use the IP address of the interface you specified, e.g. ip unnumbered Ethernet0)
- Select All users
- Type a descriptive name for the VPN connection, e.g. the company name
- Now click "Finish" and a password prompt will appear
- Type the username and password you specified on the router
- Check the Save password checkbox and click Connect
Et voilà!
You should now be able to access resources on that network as if you were locally connected.
If it doesn't work, check the following on the router:
- Verify that the GRE protocol is permitted, and that clients can reach TCP/1723 on the router interface. Hint: The client may be sitting behind a firewall too.
- If you are running NAT on the router, add "ip nat inside" to the Virtual-Template 1 interface.
Unfortunately, troubleshooting on the client side is near impossible; the only error message I've been able to get is "619: The port was disconnected", and a "More details" button that recommends that you "reboot in case the changes have not been loaded correctly." *sigh*
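Since the client reports so little, the TCP/1723 check from the list above can be run from any machine with Python. The following is an added example, not part of the original article: it opens the PPTP control connection and reads the router's reply, using the message layout from RFC 2637. The function names and the "vpn-check" host label are assumptions made for the example.

```python
import socket
import struct
import sys

MAGIC = 0x1A2B3C4D  # PPTP magic cookie (RFC 2637)
SCCRQ = struct.Struct(">HHIHHHHIIHH64s64s")   # Start-Control-Connection-Request
SCCRP = struct.Struct(">HHIHHHBBIIHH64s64s")  # Start-Control-Connection-Reply

def build_sccrq(hostname=b"vpn-check"):  # hostname: arbitrary label (assumption)
    # length, message type 1 (control), cookie, control type 1, reserved,
    # version 1.0, reserved, framing caps, bearer caps, channels, firmware
    return SCCRQ.pack(SCCRQ.size, 1, MAGIC, 1, 0, 0x0100, 0, 3, 3, 0, 0,
                      hostname, b"")

def parse_sccrp(data):
    if len(data) < SCCRP.size:
        raise ValueError("reply shorter than %d bytes" % SCCRP.size)
    (_len, msg_type, magic, ctrl_type, _r0, _ver, result, error, _framing,
     _bearer, _chan, _fw, host, vendor) = SCCRP.unpack(data[:SCCRP.size])
    if magic != MAGIC or msg_type != 1 or ctrl_type != 2:
        raise ValueError("not a Start-Control-Connection-Reply")
    text = lambda raw: raw.split(b"\0", 1)[0].decode("ascii", "replace")
    return {"result": result, "error": error,
            "hostname": text(host), "vendor": text(vendor)}

def check_pptp(host, port=1723, timeout=5.0):
    """Return a one-line diagnosis of the PPTP control channel on host."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(build_sccrq())
            buf = b""
            while len(buf) < SCCRP.size:
                chunk = sock.recv(SCCRP.size - len(buf))
                if not chunk:
                    break
                buf += chunk
        reply = parse_sccrp(buf)
    except OSError as exc:  # refused, filtered or timed out
        return "TCP/%d not reachable: %s" % (port, exc)
    except ValueError as exc:
        return "TCP/%d open, but no valid PPTP reply: %s" % (port, exc)
    if reply["result"] != 1:  # 1 = successful channel establishment
        return "router refused the control connection (result %d, error %d)" % (
            reply["result"], reply["error"])
    return ("control channel OK (peer '%s'); if the client still fails, check "
            "that GRE (IP protocol 47) passes both ways" % reply["hostname"])

if __name__ == "__main__":
    print(check_pptp(sys.argv[1]) if len(sys.argv) > 1 else "usage: <router-ip>")
```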
This is free technical advice without any warranties.
Use at your own risk. Solutions offered may not apply to your particular problem at all.
Opinions and views expressed in the articles are the authors' own
and may not necessarily reflect or coincide with those of Ano-Tech Computers.
We take no responsibility if anything bad happens from following any of
the instructions given. If you don't understand and accept this, please
contact us for personal assistance instead.