03-30-2007 08:03 AM - edited 03-11-2019 02:54 AM
Dear all,
We are trying to work out why a user is unable to connect to a PPTP VPN server through our firewall.
They are on a NAT network going through our PIX and then to their Windows 2003 VPN server. This works fine from a normal un-NAT network but not from a NAT network.
PPTP ports are open, GRE is enabled and working, it looks like I need NAT-T enabled on my PIX?
The setup is:
Client -> NAT(PIX)->PIX->VPN(PPTP)
Our PIX firewall has 7 VLANs on it, 3 of which are NATs it runs itself; the other non-NAT VLANs work fine for a VPN connection.
Now how do I turn on NAT-T on our PIX? It's a 525 with v7.x running on it.
Anyone got a quick fix for this issue?
Thanks.
03-30-2007 08:27 AM
Is the connection getting NATed or PATed? i.e., is it a one-to-one translation or a many-to-one?
If it is getting PATed, you need to enable PPTP inspection. If it is getting NATed only, then you just need to permit the traffic with your ACL (for inbound PPTP sessions that is TCP/1723 and GRE).
David.
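The two cases from the answer above, sketched as PIX 7.x configuration. This is an added example, not part of the original posts; the ACL name `OUTSIDE_IN`, the interface name `outside` and the address `192.0.2.10` (a documentation-range placeholder for the translated PPTP server address) are assumptions.

```cisco
! Case 1: the client is PATed (many-to-one translation).
! GRE has no ports for PAT to rewrite, so the PIX must inspect the
! TCP/1723 control channel to track and translate the GRE data session.
! global_policy and inspection_default are the default names on 7.x.
policy-map global_policy
 class inspection_default
  inspect pptp
!
! The default policy is normally already applied globally; shown for completeness.
service-policy global_policy global
!
! Case 2: one-to-one NAT only, with inbound PPTP sessions to a server
! behind the PIX. Permit exactly the control channel and GRE to the
! server address, nothing broader.
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq 1723
access-list OUTSIDE_IN extended permit gre any host 192.0.2.10
access-group OUTSIDE_IN in interface outside
```

`show service-policy` lists the active inspections with packet counters, which confirms whether PPTP control traffic is reaching the inspection engine.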