Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

NAT and PPTP+IPSEC

Hi,

i want to configure site-to-site ipsec vpn on ASA 5520 for remote branches. Earlier there used pptp clients connect through firewall to inside pptp server. For translate pptp session to inside server, through ASA i must use static nat, because it use GRE. Maybe someone knows how i can simultaneously use old pptp connections and ipsec site-to-site? Is there a possibility to disable nat for ipsec, and enable static nat for pptp connections(nat policy?)if have only one outside IP?

thanks in advance.

5 REPLIES

Re: NAT and PPTP+IPSEC

u mean u want ur pptp go to server behind the firewall and the ipsec terminate on the ASA itself??

New Member

Re: NAT and PPTP+IPSEC

yes.if that is possible

Re: NAT and PPTP+IPSEC

make static pat for pptp traffic regarding u have put two statment one for pptp port and one for gre

i will make statment forwarding port 80

u do the same thing only replace the port and put the required ports for pptp and another one for gre

i will assume ur outside public address is 10.1.1.1 and ur internal server ip 20.1.1.1

static(inside,outside) tcp 10.1.1.1 80 20.1.1.1 80 netmask 255.255.255.255

u can use tcp or udp

and make statment for each port

for ipsec because u r terminating the session on the outside interface it self u dont need any pating

but what u need

u need somthing called nat exmption

or nat 0

this will prevent the traffic going from ur site to the remot site from being nated and just go directly through the IPsec tunnels

lets say ur remite site private network is 192.168.1.0/24

and ur private network is 20.1.1.0./24

do:

access-list 100 permit ip 20.1.1.0 255.255.255.0 192.168.1.0 255.255.255.0

nat (inside) 0 access-list 100

good luck

and if u need any more info just post it here

please, if helpful Rate

New Member

Re: NAT and PPTP+IPSEC

Re: NAT and PPTP+IPSEC

cool try all concept

and if u need anymore details post here

if helpful post

156
Views
0
Helpful
5
Replies