Forums.ATC.no

Technical => General technical => Topic started by: ATC on 27 September 2008, 18:24 pm

Title: VPN setup with Cisco router and Windows 2000 or XP clients
Written by: ATC, 27 September 2008, 18:24 pm
Windows 95, 98 and NT all required separate third-party software to provide Virtual Private Network (VPN) connections. Windows 2000 and newer cannot run these products, instead relying on their own proprietary solutions, which, unfortunately, are near impossible to set up. Here's how we did it.
Title: [Solved] VPN setup with Cisco router and Windows 2000 or XP clients
Written by: ATC, 27 September 2008, 18:24 pm
On the router, you need an IOS which supports Virtual Private Dialup Networking (VPDN).


ROUTER CONFIGURATION

! Substitute with actual username(s) and password(s):
username [username] password 0 [password]

vpdn enable
no vpdn logging
! These IP addresses will be dynamically assigned to clients:
ip local pool RTP-POOL 192.168.101.1 192.168.101.254

vpdn-group 1
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
local name cisco_pns

!
interface Virtual-Template1
! Clients will connect to the following physical interface:
ip unnumbered Ethernet0
ip mroute-cache
no keepalive
peer default ip address pool RTP-POOL
ppp encrypt mppe 40
ppp authentication ms-chap


CLIENT CONFIGURATION

This walkthrough describes Windows 2000. The XP setup is probably different since MS likes to play games with us, but you should be able to figure it out.

- Right-click on "My network connections" and click Properties
- Double-click on "New connection"
- Click Next, select "Connect to private network via Internet"
- If you want the VPN connection to automatically dial up an ISP for you, select this. Otherwise, select the first option.
- Enter the IP address of your Cisco router (use the IP address of the interface you specified, e.g. ip unnumbered Ethernet0)
- Select All users
- Type a descriptive name for the VPN connection, e.g. the company name
- Now click "Finish" and a password prompt will appear
- Type the username and password you specified on the router
- Check the Save password checkbox and click Connect

Et Voila!
You should now be able to access resources on that network as if you were locally connected.

If it doesn't work, check the following on the router:

- Verify that the GRE protocol is permitted, and that clients can reach TCP/1723 on the router interface. Hint: The client may be sitting behind a firewall too.
- If you are running NAT on the router, add "ip nat inside" to the Virtual-Template 1 interface.


Unfortunately, troubleshooting on the client side is near impossible; the only error message I've been able to get is "619: The port was disconnected", and a "More details" button that recommends that you "reboot in case the changes have not been loaded correctly." *sigh*
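
The router-side checks from the list above (GRE permitted, TCP/1723 reachable, "ip nat inside" on the virtual template) can be run against a saved configuration. This is an added example, not part of the original post: the inbound ACL 101, the address 192.0.2.1 and the NAT lines are constructed, and the ACL evaluator ignores addresses and understands only plain entries and a trailing "eq <port>".

```python
import re
# Constructed sample: part of the post's Virtual-Template1 stanza plus a
# hypothetical inbound ACL and NAT setup that the post does not show.
SAMPLE = """\
interface Ethernet0
 ip access-group 101 in
 ip nat outside
interface Virtual-Template1
 ip unnumbered Ethernet0
 ppp encrypt mppe 40
access-list 101 permit tcp any host 192.0.2.1 eq 1723
access-list 101 permit tcp any any established
access-list 101 deny ip any any
"""

def interfaces(cfg):
    """Map each interface name to the list of its sub-commands."""
    out, cur = {}, None
    for line in cfg.splitlines():
        if line.startswith("interface "):
            cur = out.setdefault(line.split()[1], [])
        elif cur is not None and line.startswith(" "):
            cur.append(line.strip())
        else:
            cur = None
    return out

def acl_allows(cfg, acl, proto, dport=None):
    """First-match verdict for a protocol and destination port (addresses ignored)."""
    for line in cfg.splitlines():
        m = re.match(rf"access-list {acl} (permit|deny) (\S+) (.*)", line)
        if not m or m.group(2) not in (proto, "ip"):
            continue
        rest, port = m.group(3).split(), None
        if rest[-2:-1] == ["eq"] and rest[-1].isdigit():
            port, rest = int(rest[-1]), rest[:-2]
        if port not in (None, dport) or any(
                t not in ("any", "host") and not re.fullmatch(r"[\d.]+", t) for t in rest):
            continue  # other port, or a qualifier this sketch does not model
        return m.group(1) == "permit"
    return False  # implicit deny at the end of every IOS ACL

def check(cfg, wan="Ethernet0", vt="Virtual-Template1"):
    ifs, problems = interfaces(cfg), []
    acl = next((l.split()[2] for l in ifs.get(wan, [])
                if l.startswith("ip access-group ") and l.endswith(" in")), None)
    for name, proto, port in (("GRE", "gre", None), ("TCP/1723", "tcp", 1723)):
        if acl and not acl_allows(cfg, acl, proto, port):
            problems.append(f"{name} blocked by ACL {acl}")
    if any(l.startswith("ip nat ") for ls in ifs.values() for l in ls) \
            and "ip nat inside" not in ifs.get(vt, []):
        problems.append(f"{vt} lacks 'ip nat inside'")
    return problems
```

On the constructed sample, check(SAMPLE) reports the blocked GRE and the missing "ip nat inside", the two conditions that let the TCP control connection succeed while the tunnel itself never comes up.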