I'm trying to set up a PPTP VPN on a Cisco 831 router. I've got the routers
800-series software configuration guide from the Cisco site but it talks about IPSEC instead. I came up with a document at Cisco called "Configuring the Cisco Router and VPN Clients Using PPTP and MPPE. It's pretty close to what I want but is actually written for a Cisco 2621. So here's what I'm doing but it doesn't yet work (I'm just typing the main stuff here. The access-list 111 actually permits a variety of other things as well, such as icmp, stmp, pop3, www, etc):vpdn-group 1 description My VPDN remote-access group request-dialin protocol pptp source vpdn-template virtual-template1
interface Ethernet1 description $ETH-WAN$ ip address (our external internet IP address goes here, followed by subnet mask) ip access-group 111 in ip nat outside no ip mroute-cache no cdp enable hold-queue 32 in
interface Virtual-Template1 ip unnumbered Ethernet0 peer default ip address pool PPTP_pool no keepalive ppp encrypt mppe auto ppp authentication pap chap ms-chap
ip local pool PPTP_pool 192.168.1.1 192.168.1.10
access-list 111 permit tcp any any eq 1723 access-list 111 permit gre any any access-list 111 deny ip any any
I've actually got a working PPTP VPN set up on my PIX 506e, but the command set on the Cisco 831 router is somewhat different. For example, on the PIX the VPN username is set up via the command 'vpdn username anyname password anypassword', but this command doesn't exist on the 831. Instead, I just create a username/password in general on the 831. By the way, the internal LAN network for the 831 is 172.16.x.x, 255.255.0.0. One main thing that I'm doing different on the PIX is:
access-list acl_PPTP permit ip 172.16.0.0 255.255.0.0 192.168.1.0
255.255.255.0 access-list acl_PPTP permit icmp 172.16.0.0 255.255.0.0 192.168.1.0 255.255.255.0 nat (inside) 0 access-list acl_PPTPMy VPN setup on the PIX (only part of it shown here) works great, but I can't get the Router 831 equivalent working. Can anyone suggest a PDF, web link, or direct comments as to why the configuration shown at the top of this posting isn't sufficient? It seems I'm on the right track but am missing a couple of configuration steps.
Thanks in advance,
Tom Edelbrok