Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Multiple PPTP clients behind a Nat router

I am having an issue with a Cisco 3000 VPN server. Multiple clients at one location need to connect back to the VPN server via PPTP. The location is served by a DSL line with a basic NAT router. The first client is able to connect and the rest are rejected. I am assuming this is a "security feature" of the 3000 box. My guess is that the 3000 likes an individual IP address for each session. Has anyone seen this problem?

John

6 REPLIES
Cisco Employee

Re: Multiple PPTP clients behind a Nat router

Hi,

PPTP thru PAT is not supported.

Thanks

Ranjana

New Member

Re: Multiple PPTP clients behind a Nat router

Hi Ranjana,

Why is it so that PPTP is not supported thru PAT. I understand that ipsec is not supported coz of esp not using ports...but how the same applies to pptp as it uses pptp for tunneling and mppe for encryption

Thanks

Atul.

Cisco Employee

Re: Multiple PPTP clients behind a Nat router

Hi Atul,

PPTP uses GRE, so the NAT/PAT device should be capable of handling GRE/PAT.

Thanks

Ranjana

New Member

Re: Multiple PPTP clients behind a Nat router

This is very disappointing. Because now I must go back to using RRAS on Win2k. Cisco should add this feature to the 3000 VPN box.

Cisco Employee

Re: Multiple PPTP clients behind a Nat router

Hi,

I missed adding in my previous message that it appears that your router doesn't support GRE/PAT. The Concentrator supports PPTP through PAT as long as your NAT/PAT device supports GRE/PAT

Thanks

Ranjana

New Member

Re: Multiple PPTP clients behind a Nat router

The VPN 3000 series will only allow a single connection from a particular IP address. Snapgear makes a $300 router that will build the PPTP connection to the Cisco 3000 box and then multiple clients can go through that tunnel. The individual client machines do not create a tunnel or authenticate in this scenario. It's a nailed-up point-to-point connection connecting two lans. I have one engineer using this from home quite successfully.

Tom Zeller

Indiana University

750
Views
0
Helpful
6
Replies