Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
674
Views
0
Helpful
2
Replies

Passing MS PPTP traffic through a NAT router

doncrawley
Level 1
Level 1

‎01-13-2008 05:29 AM - edited ‎03-09-2019 07:51 PM

I have a 2611 running IOS 12.3 configured as a NAT router. I need to allow external PPTP VPN clients to connect to a MS Win 2003 server running RRAS on my inside network. I have configured static nat to forward TCP port 1723 traffic from the router's outside interface to the 2003 server, but there doesn't appear to be a way to use static NAT to forward GRE traffic. I've tried building an access-list with no success. External clients are able to reach the server, but authentication fails. I tested the connection with internal clients successfully, so I know that the RRAS server is set up correctly. When external clients attempt to connect, the connection appears to be successful, but the process hangs on authentication. I've followed the steps listed in Document ID 12483 explicitly, but still no success. Any help will be greatly appreciated.

Don R. Crawley, DTM, CSP
Author and speaker for the IT industry
Author of The Compassionate Geek and Accidental Administrator series of books for I.T. professionals.
http://amazon.com/author/doncrawley
Labels:
0 Helpful
2 Replies 2

htarra
Level 4
Level 4

‎01-18-2008 01:14 PM

The platform and the IOS image do support GRE going outbound (after all it is just an IP packet passing through the router). Where your problem is however, is that PPTP and more specificall GRE does not work well with PAT or "overloading" of the interface. For PPTP (GRE) to work through this you will need to have a static translation for the client machine accessing the PPTP server, or be using a non-overloaded interface.

0 Helpful

doncrawley
Level 1
Level 1
In response to htarra

‎01-18-2008 01:30 PM

Thanks for your reply. Actually, I solved the problem by upgrading to a slightly newer version of the IOS. The problem apparently was a software bug. PPTP and GRE both work fine with PAT and overloading on the outside interface. It is now working fine, as described in Document ID: 12483.

Don R. Crawley, DTM, CSP
Author and speaker for the IT industry
Author of The Compassionate Geek and Accidental Administrator series of books for I.T. professionals.
http://amazon.com/author/doncrawley
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents