PPTP VPN works on PAT or NAT? Please help..

Unanswered Question

I have a pptp based vpn connection with client. While allowing the traffic towards internet for vpn connection, there are 2 ASA configured with PAT. I configured an IP base ACL from client to PPTP server. Initially the connection is establishing but after some time it get drops. Please suggest if it is because of the PAT, which is configured on the ASA. As per my knowledge PPTP vpn works on static nat.

Your suggestion on this will be appreciable.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
JORGE RODRIGUEZ Mon, 01/19/2009 - 19:45

Hi,

Im sure you have come across this link bellow, if not PLS take a look at it to understand PPTP and GRE in PIX/ASA/FWSM.

In essence you will need a one-to-one NAT address translation. I have tested this many times using PAT in both PIX 6.x and ASA 7.x.

PPTP will work with PAT only if you have a single PPTP client in your network connecting to a PPTP server on the outside using PAT as long you have fixup protocol pptp 1723 for code 6.x and pptp inspection for code 7.x in your global policy. So..if only one source in your LAN is using PPTP you are fine, if more than one user needs to PPTP you will then need a one to one NAT.

But you have indicated that pptp connection is stablished and after a while it drops, I would suggest to look into some logs at both ends to determined what is causing the drop.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094a5a.shtml

Regards

Actions

This Discussion