PPTP VPN works on PAT or NAT? Please help..

Unanswered Question
Jan 19th, 2009
User Badges:

I have a pptp based vpn connection with client. While allowing the traffic towards internet for vpn connection, there are 2 ASA configured with PAT. I configured an IP base ACL from client to PPTP server. Initially the connection is establishing but after some time it get drops. Please suggest if it is because of the PAT, which is configured on the ASA. As per my knowledge PPTP vpn works on static nat.

Your suggestion on this will be appreciable.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
JORGE RODRIGUEZ Mon, 01/19/2009 - 19:45
User Badges:
  • Green, 3000 points or more


Im sure you have come across this link bellow, if not PLS take a look at it to understand PPTP and GRE in PIX/ASA/FWSM.

In essence you will need a one-to-one NAT address translation. I have tested this many times using PAT in both PIX 6.x and ASA 7.x.

PPTP will work with PAT only if you have a single PPTP client in your network connecting to a PPTP server on the outside using PAT as long you have fixup protocol pptp 1723 for code 6.x and pptp inspection for code 7.x in your global policy. So..if only one source in your LAN is using PPTP you are fine, if more than one user needs to PPTP you will then need a one to one NAT.

But you have indicated that pptp connection is stablished and after a while it drops, I would suggest to look into some logs at both ends to determined what is causing the drop.




This Discussion