Hi All,
OK, so I've got one last little issue with our UC520 before we go live.
I have my firewall and static NAT running very well. All of our internet-enabled services are available to the internet.
I can't, however, run our internal Windows VPN server (PPTP). And I also can't connect to external VPN servers.
My relevant config is as follows:
ip nat inside source static tcp 10.10.10.1 80 interface FastEthernet0/0 80
ip nat inside source static tcp 10.10.10.1 443 interface FastEthernet0/0 443
ip nat inside source static tcp 10.10.10.1 25 interface FastEthernet0/0 25
ip nat inside source static tcp 10.10.10.1 3389 interface FastEthernet0/0 3389
ip nat inside source static tcp 10.10.10.10 21 interface FastEthernet0/0 21
ip nat inside source static tcp 10.10.10.128 3390 interface FastEthernet0/0 3390
ip nat inside source static tcp 10.10.10.1 1723 interface FastEthernet0/0 1723
ip nat inside source list 100 interface FastEthernet0/0 overload
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0/0 overload
ip nat inside source static 10.10.10.5 xx.148.97.101
ip nat inside source static 10.10.10.4 xx.148.97.108
!
access-list 100 permit tcp any 10.10.10.0 0.0.0.255 established
!
access-list 104 permit ip host 10.10.10.80 any
access-list 104 permit ip host 10.10.10.81 any
access-list 104 permit ip host 10.10.10.82 any
access-list 104 permit ip host 10.10.10.83 any
access-list 104 permit ip host 10.10.10.84 any
access-list 104 permit ip host 10.10.10.85 any
access-list 104 permit ip host 10.10.10.86 any
access-list 104 permit ip host 10.10.10.87 any
access-list 104 permit ip host 10.10.10.88 any
access-list 104 permit ip host 10.10.10.89 any
access-list 104 permit udp any host xx.148.97.102 eq non500-isakmp
access-list 104 permit udp any host xx.148.97.102 eq isakmp
access-list 104 permit esp any host xx.148.97.102
access-list 104 permit ahp any host xx.148.97.102
access-list 104 permit tcp any host xx.148.97.102 eq 1723
access-list 104 permit tcp any host xx.148.97.102 eq 3390
access-list 104 permit tcp any host xx.148.97.102 eq ftp
access-list 104 permit tcp any host xx.148.97.102 eq 3389
access-list 104 permit tcp any host xx.148.97.102 eq smtp
access-list 104 permit tcp any host xx.148.97.102 eq 443
access-list 104 permit tcp any host xx.148.97.102 eq www
access-list 104 permit tcp any host xx.148.97.101 eq 22
access-list 104 permit tcp any host xx.148.97.101 eq www
access-list 104 permit tcp any host xx.148.97.101 eq 443
access-list 104 permit tcp any host xx.148.97.101 eq 10000
access-list 104 permit tcp any host xx.148.97.108 eq www
access-list 104 permit tcp any host xx.148.97.108 eq 443
access-list 104 permit tcp any host xx.148.97.108 eq 3389
access-list 104 permit icmp any host xx.148.97.102 echo-reply
access-list 104 permit icmp any host xx.148.97.102 time-exceeded
access-list 104 permit icmp any host xx.148.97.102 unreachable
access-list 104 permit icmp any host xx.148.97.101 echo-reply
access-list 104 permit icmp any host xx.148.97.101 time-exceeded
access-list 104 permit icmp any host xx.148.97.101 unreachable
access-list 104 permit icmp any host xx.148.97.108 echo-reply
access-list 104 permit icmp any host xx.148.97.108 time-exceeded
access-list 104 permit icmp any host xx.148.97.108 unreachable
access-list 104 permit udp any any eq 5060
access-list 104 permit udp any eq 5060 any
access-list 104 permit udp any any range 16384 32767
access-list 104 permit udp host 64.59.184.13 eq domain any
access-list 104 permit udp host 64.59.184.15 eq domain any
access-list 104 deny ip 10.1.10.0 0.0.0.3 any
access-list 104 deny ip 10.1.1.0 0.0.0.255 any
access-list 104 deny ip 10.10.10.0 0.0.0.255 any
access-list 104 deny ip 10.0.0.0 0.255.255.255 any
access-list 104 deny ip 172.16.0.0 0.15.255.255 any
access-list 104 deny ip 192.168.0.0 0.0.255.255 any
access-list 104 deny ip 127.0.0.0 0.255.255.255 any
access-list 104 deny ip host 255.255.255.255 any
access-list 104 deny ip host 0.0.0.0 any
access-list 104 deny ip any any log
!
access-list 105 permit ip any any

Nice post on setting up VPN to Windows through the UC520.
I've added it to the UC500 configuration guide on the site.

GRE isn't being allowed.
You need to allow the protocol GRE to pass through your ACLs.
access-list 104 permit gre any any
I usually configure the router to act as the PPTP 'server' and use IAS/radius to authenticate users from active directory.
http://www.cisco.com/en/US/tech/tk801/tk703/technologies_configuration_e...