NAT and PPTP+IPSEC

Unanswered Question
Aug 4th, 2008

Hi,

I want to configure a site-to-site IPsec VPN on an ASA 5520 for remote branches. Previously, PPTP clients connected through the firewall to an inside PPTP server. To translate the PPTP session to the inside server through the ASA I must use static NAT, because it uses GRE. Maybe someone knows how I can use the old PPTP connections and IPsec site-to-site simultaneously? Is there a possibility to disable NAT for IPsec and enable static NAT for PPTP connections (nat policy?) if I have only one outside IP?

Thanks in advance.

Marwan ALshawi Mon, 08/04/2008 - 19:02

u mean u want ur pptp to go to the server behind the firewall and the ipsec to terminate on the ASA itself?


Marwan ALshawi Mon, 08/04/2008 - 22:36

make static pat for pptp traffic; note that u have to put two statements, one for the pptp port and one for gre

i will make a statement forwarding port 80

u do the same thing only replace the port and put the required ports for pptp and another one for gre

i will assume ur outside public address is 10.1.1.1 and ur internal server ip 20.1.1.1


static (inside,outside) tcp 10.1.1.1 80 20.1.1.1 80 netmask 255.255.255.255


u can use tcp or udp


and make a statement for each port


for ipsec, because u r terminating the session on the outside interface itself, u don't need any PAT

but what u need

u need something called nat exemption

or nat 0

this will prevent the traffic going from ur site to the remote site from being NATed, so it just goes directly through the IPsec tunnels


let's say ur remote site private network is 192.168.1.0/24

and ur private network is 20.1.1.0/24

do:

access-list 100 permit ip 20.1.1.0 255.255.255.0 192.168.1.0 255.255.255.0

nat (inside) 0 access-list 100


good luck

and if u need any more info just post it here


please, if helpful Rate
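
The two pieces discussed in the reply above, put together as an added example (not part of the original post) in pre-8.3 ASA syntax. The addresses are the reply's sample values; the ACL names, the `interface` keyword for a single outside IP, and the use of PPTP inspection to carry the GRE data channel (the `static` port-redirection form only takes `tcp` or `udp`) are assumptions of this example.

```cisco
! Sample values from the reply: outside IP 10.1.1.1, PPTP server 20.1.1.1,
! local LAN 20.1.1.0/24, remote LAN 192.168.1.0/24.
! ACL names (outside_in, nonat) are hypothetical.

! --- PPTP to the inside server -------------------------------------------
! Static PAT for the PPTP control channel (TCP 1723) only. With a single
! outside address, "interface" refers to the outside interface IP.
static (inside,outside) tcp interface 1723 20.1.1.1 1723 netmask 255.255.255.255

! Permit only the control channel from outside; before 8.3 the ACL matches
! the translated (public) address.
access-list outside_in extended permit tcp any host 10.1.1.1 eq 1723
access-group outside_in in interface outside

! GRE (IP protocol 47) has no ports, so it cannot be port-forwarded.
! PPTP inspection follows the control channel and opens the matching GRE
! connections and translations dynamically.
policy-map global_policy
 class inspection_default
  inspect pptp

! --- Site-to-site IPsec ---------------------------------------------------
! IPsec terminates on the ASA itself, so no static is needed for it.
! Exempt LAN-to-LAN traffic from NAT so it enters the tunnel with its real
! addresses. Keep this ACL as narrow as the tunnel's protected networks;
! a broad "any any" entry here would bypass NAT for unrelated traffic.
access-list nonat extended permit ip 20.1.1.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (inside) 0 access-list nonat

! --- Checks after applying ------------------------------------------------
! show xlate                      (static PAT entry for 1723 is present)
! show service-policy             (pptp inspection is listed and counting)
! packet-tracer input inside icmp 20.1.1.10 8 0 192.168.1.10
!                                 (LAN-to-LAN flow hits NAT exempt, then VPN)
```

The NAT exemption ACL and the static PAT entry do not conflict: the exemption matches only traffic between the two private networks, while the static applies to connections arriving on the outside address.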

Marwan ALshawi Tue, 08/05/2008 - 06:13

cool try all concept


and if u need anymore details post here


if helpful post

