
PAT + PIX + PPTP

May 30th, 2002

Hi All,

Is it possible for the clients to send PPTP traffic to the Microsoft PPTP server with PAT enabled on the PIX? There is no static NAT on the PIX; all clients use the same IP to go to the Internet.



Clients with pptp ----PIX (PAT Enabled)--------Microsoft PPTP server


When I tried to dial from the PPTP client to the server, I got this error message from the PIX:


305006: regular translation creation failed for protocol 47 src inside:1


Thanks in advance


Regards




wongsusanto Sun, 06/02/2002 - 17:33

Hi,

I have tried PPTP with a PAT-enabled router and it works, but why doesn't it work with the PIX? Is there a different translation algorithm (PAT) between the PIX and the router?

Another problem: I have set up a VPN connection between the PIX as a VPN gateway and a VPN client. The VPN can be established, but VPN client can initiate the traffic, if the inside users who are behind the firewall can initiate the traffic to the VPN client. I tried to ping the inside network; I cannot ping them, although the users are alive. The VPN client can only ping the firewall inside interface.


thanks and regards

Wong


If you configure PPTP on the PIX, it will work with NAT.


ip local pool vpnpool 10.0.1.1-10.0.1.254
sysopt connection permit-pptp
vpdn group 1 accept dialin pptp
vpdn group 1 ppp authentication pap
vpdn group 1 ppp authentication chap
vpdn group 1 ppp authentication mschap
vpdn group 1 ppp encryption mppe 40
vpdn group 1 client configuration address local vpnpool
vpdn group 1 client configuration dns 10.0.1.237
vpdn group 1 client configuration wins 10.0.1.237
vpdn group 1 pptp echo 60
vpdn group 1 client authentication local
vpdn username pptp-Username password pwd
vpdn enable outside


You can also add a RADIUS server for authentication. This is the minimum config for a PPTP VPN connection.


http://www.cisco.com/warp/public/110/pptppix.html


Hope this helps.


Michael

edadios Wed, 07/10/2002 - 19:14

Unfortunately, PPTP passthrough on a PIX doing PAT is not supported on the current PIX codes.

You are correct, the routers after code 12.1.2T can do it, but it has not been done on the PIX code.

Regards,

mikema Tue, 07/16/2002 - 01:44

Do you know how to set up the PIX so that a PPTP client behind the PIX with PAT works fine?


PPTP client -- pixfirewall 515 with PAT --|-- internet -- PPTP Server


Before upgrading to the PIX firewall, we used a WatchGuard SOHO and didn't set anything for PPTP traffic. However, with the PIX, when I try to connect to the PPTP server, I always get error 721,

PPP conversation was attempted .....


Any idea?


Thanks


Mike

paqiu Tue, 07/16/2002 - 03:12

PPTP passing PAT is a special feature.

PIX does not support this feature yet.

Cisco routers with code 12.1.4T and above support PPTP over PAT.


Best Regards,


francoso Thu, 02/20/2003 - 07:10

Will the PIX support PPTP passing PAT in the coming version 6.3?
