PAT Multiple PPTP or Not

Answered Question

When searching cisco.com for configuration examples on allowing PPTP through an PIX or an ASA I found the term PAT for Point-to-Point Tunneling Protocol (PPTP) in the 6.3 release notes. It is specifically for allowing multiple PPTP connections through the PIX.

Now when I look for configuration examples, everything says that it isn't possible to have multiple PPTP tunnels through a pix or asa.

So which is are the release notes right or the config examples?

Has this feature been dropped in 6.3?

Thanks,

Brian

Release Notes for 6.3:

http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2030/products_data_sheet09186a0080148714.html

Config Example:

http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094a5a.shtml#ts1

I have this problem too.
0 votes
Correct Answer by kaachary about 9 years 7 months ago

Correcting myself..

When the PPTP server is behind a patted ip address, the connection would simply not work.

With clients behind a patted ip address, only first connection would work. Multiple connections would not work with out one to one translation.

I apologise for the wrong information.

HTH,

-Kanishka

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (1 ratings)
Loading.
kaachary Wed, 02/21/2007 - 02:39

Hi,

The part of the config example you are talking about, where it says that multiple pptp connection are not possible through PAT, is specifically for the scenario :

"PPTP with the Client Outside and the Server Inside"

When PPTP server is behind a patted ip address, only one connections is possible, and this is true for all Cisco devices.

When clients are behind a patted ip address, you need to add "fixup protocol pptp 1723" on the PIX for multiple PPTPT connections.

HTH,

-Kanishka

Correct Answer
kaachary Wed, 02/21/2007 - 03:31

Correcting myself..

When the PPTP server is behind a patted ip address, the connection would simply not work.

With clients behind a patted ip address, only first connection would work. Multiple connections would not work with out one to one translation.

I apologise for the wrong information.

HTH,

-Kanishka

Actions

This Discussion