cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
442
Views
0
Helpful
5
Replies

NAT and PPTP+IPSEC

mokhovikov
Level 1
Level 1

Hi,

i want to configure site-to-site ipsec vpn on ASA 5520 for remote branches. Earlier there used pptp clients connect through firewall to inside pptp server. For translate pptp session to inside server, through ASA i must use static nat, because it use GRE. Maybe someone knows how i can simultaneously use old pptp connections and ipsec site-to-site? Is there a possibility to disable nat for ipsec, and enable static nat for pptp connections(nat policy?)if have only one outside IP?

thanks in advance.

5 Replies 5

Marwan ALshawi
VIP Alumni
VIP Alumni

u mean u want ur pptp go to server behind the firewall and the ipsec terminate on the ASA itself??

yes.if that is possible

make static pat for pptp traffic regarding u have put two statment one for pptp port and one for gre

i will make statment forwarding port 80

u do the same thing only replace the port and put the required ports for pptp and another one for gre

i will assume ur outside public address is 10.1.1.1 and ur internal server ip 20.1.1.1

static(inside,outside) tcp 10.1.1.1 80 20.1.1.1 80 netmask 255.255.255.255

u can use tcp or udp

and make statment for each port

for ipsec because u r terminating the session on the outside interface it self u dont need any pating

but what u need

u need somthing called nat exmption

or nat 0

this will prevent the traffic going from ur site to the remot site from being nated and just go directly through the IPsec tunnels

lets say ur remite site private network is 192.168.1.0/24

and ur private network is 20.1.1.0./24

do:

access-list 100 permit ip 20.1.1.0 255.255.255.0 192.168.1.0 255.255.255.0

nat (inside) 0 access-list 100

good luck

and if u need any more info just post it here

please, if helpful Rate

cool try all concept

and if u need anymore details post here

if helpful post

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: