1841 ADSL Router - Forward GRE/PPTP query

Unanswered Question
Feb 3rd, 2009

Hi,

I have a customer that has an 1841 ADSL router as a backup to their main 10Mb ISP circuit. The customer has a Windows server that they use for some remote access sessions with GRE/PPTP. When the primary 10Mb link is in use, this works fine, as the ASA on this link has a 1:1 NAT rule and allows port 1723 and protocol 47 through to this Windows machine.

When the 10Mb link is down, the customer would like to still be able to RAS into the Windows machine, but via the IP of the backup ADSL router (which is also connected to the ASA). Looking at various posts, I found that I need to have a static NAT for port 1723 on the inside to the dialer interface, which I have done, but I can't find how I would forward the protocol 47 traffic.

I've attached a copy of the config from the ADSL router if anyone is interested.

The IP of the Windows RAS box is 192.168.247.113/24 on the DMZ of the ASA, which is translated as 81.X.X.X on the outside interface of the ASA.

I hope that this makes sense. Please let me know if you need any further information, and thanks in advance for any assistance.

1) XXX-XXX-ADSL-02-conf-03-02-09_netpro.txt

mchin345 Mon, 02/09/2009 - 15:16

IP protocol 47 is GRE tunnel traffic. So there is a VPN tunnel going through your device, and all data going in that tunnel is translated as GRE traffic. You can only have one PPTP/L2TP connection through the PIX Security Appliance when you use PAT. This is because the necessary GRE connection is established over port 0 and the PIX Security Appliance only maps port 0 to one host.
