Firewall Wizards mailing list archives

RE: Cannot establish PPTP VPN connection thru PAT on Cis co router

From: Ben Nagy <bnagy () sa volante com au>
Date: Mon, 18 Sep 2000 09:33:09 +0930

-----Original Message-----
From: shewitt () cdw com [mailto:shewitt () cdw com]
Sent: Friday, 15 September 2000 6:41 AM
To: firewall-wizards () nfr net
Subject: [fw-wiz] Cannot establish PPTP VPN connection thru 
PAT on Cisco
router

[snip]

 My thought is that maybe it 
doesn't work thru
PAT, it only works thru NAT.


*BING!*

Congratulations. ;) Look at it this way - GRE doesn't have any port
information, so if you're trying to overload on an external IP address
there's no way for the router to know which internal host to give the return
GRE traffic to.

You'll need to have a static NAT mapping for this to work. You can still
overload for the rest of your TCP / UDP traffic, but you'll only be able to
support one PPTP connection per real IP address that you have.


Any suggestions?  Anybody have PPTP working thru PAT on a 
Cisco router?


No, but a few through NAT with the method above.

-------------------------------
Scott Hewitt


Cheers,

--
Ben Nagy
Network Consultant, Volante Solutions
PGP Key ID: 0x1A86E304  Mobile: +61 414 411 520 

_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards

Current thread:

RE: Cannot establish PPTP VPN connection thru PAT on Cis co router shewitt (Sep 18)
- <Possible follow-ups>
- RE: Cannot establish PPTP VPN connection thru PAT on Cis co router Ben Nagy (Sep 18)
  - RE: Cannot establish PPTP VPN connection thru PAT on Cis co router Ryan Russell (Sep 18)