Cisco ASA PPTP Passthru

Unanswered Question
Oct 16th, 2009

Hi All,

I have a situation wherein I do have multiple public IPs available to access different services inside the network.

One of the situations calls for PPTP to an inside MS Small Business Server 2008. I do have other services on that and hence I had port redirection static commands to this server address on inside. Since statics do not allow specifying protocols (like GRE), we need to do full outside to inside address mapping. However, if the destination inside server address is the same, you cannot do that. In this situation, even if you have allocated a separate public IP address to PPTP access (via static (inside, outside) inside address1 outside address1) and say SMTP and HTTPS also (via static (inside, outside) tcp inside address1 eq port outside address2 any), PPTP does not work. Since I cannot separate the server address for PPTP from other services, and I cannot have two different private addresses on the same subnet assigned to my server NIC, how do you achieve this?

I have seen Cisco examples for PPTP, but they are not practical examples. They just assume that only PPTP is running on the server inside, but I have not been able to find a single example which will have PPTP and other services pointing to the same inside address.

Any help in this direction will be appreciated.


dpsharma Sat, 10/17/2009 - 10:51


Can someone advise me on this as I need to implement VPN this weekend?

Much thanks in advance.

dpsharma Tue, 10/20/2009 - 14:14

Hello All,

I resolved this issue by resorting to using the same public IP for PPTP, RDP and SMTP (which was the firewall outside interface IP) and then replacing all tcp port redirect static commands with a standard full IP translation static command from the outside interface IP to the server LAN interface IP.

RDP was just temp until I have server up and running and I have deleted that hole thru firewall and now use RWW https access to manage server.

I do hope Cisco will have in near future some way of allowing GRE protocol thru static command on ASA.



