Cisco Support Community
NAT and PIX VPN issue?

Dear all,

We are trying to work out why a user is unable to connect to a PPTP VPN server through our firewall.

They are on a NAT network going through our PIX and then to their Windows 2003 VPN server. Now this works fine from a normal un-NAT network, but not from a NAT network?

PPTP ports are open, GRE is enabled and working; it looks like I need NAT-T enabled on my PIX?

The setup is:

Client -> NAT(PIX)->PIX->VPN(PPTP)

Where our PIX firewall has 7 VLANs on it, 3 of which are NATs it runs itself; the other non-NAT VLANs work fine for a VPN connection.

Now how do I turn on NAT-T on our PIX? It's a 525 with v7.x running on it.

Anyone got a quick fix for this issue?

Thanks.

Accepted Solutions
Re: NAT and PIX VPN issue?

Is the connection getting NATed or PATed? I.e., is it a one-to-one translation or a many-to-one?

If it is getting PATed, you need to enable PPTP inspection. If it is getting NATed only, then you just need to permit the traffic with your ACL (for inbound PPTP sessions, that is TCP/1723 and GRE).

David.
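
The two cases from the answer above as PIX 7.x configuration; this is an added example, not part of the original thread. It assumes the default `global_policy` and `inspection_default` names are still in place, and `192.0.2.10`, `outside_in` and the `outside` interface name are placeholders.

```cisco
! Case 1: many-to-one translation (PAT).
! GRE carries no port numbers, so PAT cannot tell sessions apart on its own.
! PPTP inspection watches the TCP/1723 control channel and opens and
! translates the matching GRE data session.
policy-map global_policy
 class inspection_default
  inspect pptp
service-policy global_policy global

! Case 2: one-to-one NAT toward an inbound PPTP server.
! No inspection is needed; permit the control channel and GRE in the ACL.
! 192.0.2.10 = placeholder for the server's translated address.
access-list outside_in extended permit tcp any host 192.0.2.10 eq 1723
access-list outside_in extended permit gre any host 192.0.2.10
access-group outside_in in interface outside

! Check which case applies and whether the policy is active:
!   show xlate            (one-to-one NAT entries vs. PAT entries)
!   show service-policy   (inspection counters)
```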
