Archive for June 2008

27 Jun 08

Netscreen PPTP Pass Through. For Microsoft VPN Client usage.

How to enable PPTP / MS VPN through a NetScreen 5XT.

To address this problem, enable the VIP multi-port command, which allows a VIP service to listen on more than one port. Without this command, a VIP service can only listen on one port. Note that setting VIP multi-port requires a reboot.

From the command line interface (CLI):

set vip multi-port [Enter]
save [Enter]
reset [Enter]

The multi-port command will match the first port it sees in the custom service.

Next, define a custom service for PPTP and apply this service in the VIP.  From the CLI:

set service CustomPPTP group "other" 47 src 2048-2048 dst 2048-2048 [Enter]
set service CustomPPTP + tcp src 0-65535 dst 1723-1723 [Enter]
set interface ethernet0/0 vip 2048 CustomPPTP 10.1.1.10 [Enter]

Finally, create an incoming policy with destination address as the VIP using the custom service object.  From the CLI:

set policy from untrust to trust "any" "VIP::1" "CustomPPTP" permit [Enter]
save [Enter]

In this example, the PPTP server was assumed to be on the trust side of the Firewall, at IP address 10.1.1.10. Note that for Microsoft Windows, the custom PPTP service must contain both TCP port 1723 and IP protocol 47 with port 2048. The source port for TCP 1723 must be 0-65535 to allow for any source port.

I used this setup to enable VPN to a Windows 2003 Small Business Server, and it worked fine and fast.

Tip: for Small Business Server 2003, use the built-in VPN wizard. ;-)
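
The requirement stated in the note above (TCP 1723 with any source port plus IP protocol 47, bound to the VIP and referenced by the policy) can be checked mechanically before the change is saved. The following Python check is an added example, not part of the original post; it only parses the command forms shown above, and the function names are hypothetical.

```python
import re

# Constructed input: the ScreenOS commands from the post, without "[Enter]".
SCREENOS_SAMPLE = """\
set service CustomPPTP group "other" 47 src 2048-2048 dst 2048-2048
set service CustomPPTP + tcp src 0-65535 dst 1723-1723
set interface ethernet0/0 vip 2048 CustomPPTP 10.1.1.10
set policy from untrust to trust "any" "VIP::1" "CustomPPTP" permit
"""

# Matches only the two "set service" forms used in the post (assumption).
SERVICE_RE = re.compile(
    r'^set service (\S+) (?:group "[^"]*" |\+ )(\S+) '
    r'src (\d+)-(\d+) dst (\d+)-(\d+)$')


def parse_services(config):
    """Map service name -> list of (protocol, src_range, dst_range)."""
    services = {}
    for line in config.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            name, proto, s_lo, s_hi, d_lo, d_hi = m.groups()
            services.setdefault(name, []).append(
                (proto.lower(), (int(s_lo), int(s_hi)), (int(d_lo), int(d_hi))))
    return services


def check_pptp(config, name):
    """Return the list of gaps that would break PPTP pass-through."""
    entries = parse_services(config).get(name, [])
    gaps = []
    tcp = [e for e in entries if e[0] == "tcp" and e[2][0] <= 1723 <= e[2][1]]
    if not tcp:
        gaps.append("no TCP entry with destination port 1723")
    elif not any(e[1] == (0, 65535) for e in tcp):
        gaps.append("TCP 1723 entry does not allow source ports 0-65535")
    if not any(e[0] == "47" for e in entries):
        gaps.append("no IP protocol 47 entry")
    quoted = re.escape(name)
    if not re.search(rf"^set interface \S+ vip \d+ {quoted} \S+$", config, re.M):
        gaps.append("service is not bound to a VIP")
    if not re.search(rf'^set policy from untrust to trust .* "{quoted}" permit', config, re.M):
        gaps.append("no untrust-to-trust permit policy uses the service")
    return gaps
```

An empty list means all three steps of the procedure are present; each string names the step that is missing.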

13 Jun 08

Cisco Router 878 in a SHDSL mode and bridged.

Yesterday at work I configured a router in a way that may be useful when you need to configure a router in bridge mode when you have a Dialer interface and a PPPoA connection…

The example configuration is based on a Cisco 878 router, but parts of the configuration can also be used with a Cisco ADSL router like an 877 or an 878.

Building configuration...

Current configuration : 4049 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
!
hostname < Routername >
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
no logging rate-limit
enable secret < password >
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication ppp default local
aaa authorization network default local
!
aaa session-id common
!
resource policy
!
clock timezone GMT+1 1
clock summer-time GMT+1 recurring last Sun Mar 2:00 last Sun Oct 3:00
ip subnet-zero
no ip source-route
ip cef
!
!
!
!
ip domain name < domainname >
ip name-server < dns 1 >
ip name-server < dns 2 >
ip ssh rsa keypair-name RSA_SSH
no ip ips sdf builtin
!
!
!
username <username>  privilege 15 secret 5 <password>

!
!
controller DSL 0
 mode atm
 line-term cpe
 line-mode 2-wire line-zero
 dsl-mode shdsl symmetric annex B
 line-rate auto
!
no crypto isakmp enable
!
!
!
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 pvc 0 0/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 10
 !
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
 description connected to Cisco Pix 506, WAN
 ip address < IP address / Subnet range >
 no ip proxy-arp
!
interface Dialer10
 description connected to ATM0 - SDSL
 ip unnumbered Vlan1
 encapsulation ppp
 dialer pool 10
 dialer-group 10
 no cdp enable
 ppp authentication pap callin
 ppp pap sent-username < login name  > password < password >
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer10 100 permanent
!
!
no ip http server
no ip http secure-server
ip nat inside source route-map ADSL interface Dialer10 overload
!
access-list 11 remark ----------------------------------------
access-list 11 remark IP inspect OUT java-list
access-list 11 permit any
access-list 21 permit < ip add >
access-list 21 remark ----------------------------------------
access-list 21 remark SNMP & Telnet
access-list 21 remark ----------------------------------------
access-list 21 permit < ip range remote ssh >
access-list 21 permit < ip range remote ssh >
dialer-list 10 protocol ip permit
snmp-server community mrtg RO 21
snmp-server location < location information >
snmp-server contact < contact information >
snmp-server enable traps tty
no cdp run
!
!
control-plane
!
banner motd #
*************************************************************
This system is restricted to authorized users for legitimate
purposes and is subject to audit. The unauthorized access,
use or modification of computer systems or the data contained
therein or in transit to/from, may be illegal.
                                                                                
Contact information:                                                    
< Contact information >                                                 
*************************************************************
#
!
line con 0
 exec-timeout 120 0
 password < password >
 no modem enable
line aux 0
line vty 0 4
 exec-timeout 120 0
 privilege level 15
 password < password >
 transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 20000 1000
ntp clock-period 17179872
sntp server 145.24.129.6
sntp server 213.239.154.12
sntp server 193.79.237.14
sntp broadcast client
end
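
A quick audit of the remote-access lines in a configuration like the one above, as an added example that is not part of the original post. ACL 21 carries the remark "SNMP & Telnet" but is only referenced by the SNMP community, so the check reports the vty lines as reachable from any source; the sample address range is a constructed placeholder and the function names are hypothetical.

```python
import re

# Constructed input: management-plane lines modelled on the configuration
# above; 192.0.2.0/24 stands in for the "< ip range remote ssh >" placeholder.
IOS_SAMPLE = """\
access-list 21 permit 192.0.2.0 0.0.0.255
snmp-server community mrtg RO 21
line con 0
 exec-timeout 120 0
line aux 0
line vty 0 4
 exec-timeout 120 0
 privilege level 15
 transport input telnet ssh
!
"""


def stanzas(config, prefix):
    """Yield (header, sub-commands) for top-level blocks starting with prefix."""
    header, body = None, []
    for line in config.splitlines():
        if header is not None and line.startswith(" "):
            body.append(line.strip())
            continue
        if header is not None:
            yield header, body
        header, body = (line.strip(), []) if line.startswith(prefix) else (None, [])
    if header is not None:
        yield header, body


def audit_vty(config):
    """Return (line header, finding) pairs for the remote-access lines."""
    findings = []
    for header, body in stanzas(config, "line vty"):
        # A missing "transport input" falls back to the platform default,
        # which this check does not guess.
        protocols = [p for c in body if c.startswith("transport input ")
                     for p in c.split()[2:]]
        if "telnet" in protocols or "all" in protocols:
            findings.append((header, "telnet accepted, logins cross the network in cleartext"))
        if not any(re.match(r"access-class \S+ in\b", c) for c in body):
            findings.append((header, "no inbound access-class, any source can reach the login"))
        if "privilege level 15" in body:
            findings.append((header, "sessions start at privilege 15"))
    return findings
```

Under `line vty 0 4`, `transport input ssh` and `access-class 21 in` clear the first two findings; removing `privilege level 15` from the line clears the third.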

03 Jun 08

Useful checklist to have when you add an IP phone to a Cisco Call Manager 4.1.(3)

Below is a useful checklist for adding an IP phone to a Call Manager 4.1.(3). It's useful because sometimes you don't follow the correct route for adding an IP phone. May be handy. Personally, I think it's pretty useful when you are a beginner with Call Managers.

Configuration Steps (with Procedures and Related Topics)

Step 1

Gather the following information about the phone:

  • Model
  • MAC address
  • Physical location of the phone
  • Cisco Call Manager user to associate with the phone
  • Partition, calling search space, and location information, if used
  • Number of lines and associated DNs to assign to the phone

Procedures and Related Topics: Phone Search

Step 2

Add and configure the phone.

Procedures and Related Topics: Adding a Phone, Cisco Call Manager Administration Guide

Step 3

Add and configure lines (DNs) on the phone. You can also configure phone features such as call park, call forward, and call pickup.

Procedures and Related Topics: Adding a Directory Number, Cisco Call Manager Administration Guide

Step 4

Configure speed-dial buttons.

You can configure speed-dial buttons for phones if you want to provide speed-dial buttons for users or if you are configuring phones that do not have a specific user who is assigned to them. Users can change the speed-dial settings on their phones by using Cisco IP Phone User Options.

Procedures and Related Topics: Configuring Speed-Dial Buttons, Cisco Call Manager Administration Guide

Step 5

Configure Cisco IP Phone services.

You can configure services for Cisco IP Phone models 7970, 7961, 7941, 7912, 7906, and Cisco IP Communicator if you want to provide services for users or if you are configuring phones that do not have a specific user who is assigned to them. Users can change the services on their phones by using the Cisco IP Phone User Options.

Procedures and Related Topics: Configuring Cisco IP Phones, Cisco Call Manager Administration Guide

Step 6

Customize phone button templates and softkey templates, if required. Configure templates for each phone.

Procedures and Related Topics:

  • Adding Phone Button Templates, Cisco Call Manager Administration Guide
  • Configuring Cisco IP Phones, Cisco Call Manager Administration Guide
  • Adding Nonstandard Softkey Templates, Cisco Call Manager Administration Guide

Step 7

Assign services to phone buttons, if required.

Procedures and Related Topics: Adding a Cisco IP Phone Service to a Phone Button, Cisco Call Manager Administration Guide

Step 8

Provide power, install, verify network connectivity, and configure network settings for the Cisco IP Phone.

Procedures and Related Topics: Cisco IP Phone Administration Guide for Cisco Call Manager

Step 9

Associate user with the phone (if required).

Procedures and Related Topics: Associating Devices to a User, Cisco Call Manager Administration Guide

Step 10

Make calls with the Cisco IP Phone.

Procedures and Related Topics: Refer to the user guide for your Cisco IP Phone



