New Member

Passing MS PPTP traffic through a NAT router

I have a 2611 running IOS 12.3 configured as a NAT router. I need to allow external PPTP VPN clients to connect to a MS Win 2003 server running RRAS on my inside network. I have configured static NAT to forward TCP port 1723 traffic from the router's outside interface to the 2003 server, but there doesn't appear to be a way to use static NAT to forward GRE traffic. I've tried building an access-list with no success. External clients are able to reach the server, but authentication fails. I tested the connection with internal clients successfully, so I know that the RRAS server is set up correctly. When external clients attempt to connect, the connection appears to be successful, but the process hangs on authentication. I've followed the steps listed in Document ID 12483 explicitly, but still no success. Any help will be greatly appreciated.

Don R. Crawley, Linux+, CCNA Security Author and speaker for the IT industry Author of The Accidental Administrator: Cisco ASA Security Appliance Step-by-Step Configuration Guide http://www.soundtraining.net/bookstore
2 REPLIES
Bronze

Re: Passing MS PPTP traffic through a NAT router

The platform and the IOS image do support GRE going outbound (after all, it is just an IP packet passing through the router). Where your problem is, however, is that PPTP, and more specifically GRE, does not work well with PAT or "overloading" of the interface. For PPTP (GRE) to work through this, you will need to have a static translation for the client machine accessing the PPTP server, or be using a non-overloaded interface.

New Member

Re: Passing MS PPTP traffic through a NAT router

Thanks for your reply. Actually, I solved the problem by upgrading to a slightly newer version of the IOS. The problem apparently was a software bug. PPTP and GRE both work fine with PAT and overloading on the outside interface. It is now working fine, as described in Document ID: 12483.

Don R. Crawley, Linux+, CCNA Security Author and speaker for the IT industry Author of The Accidental Administrator: Cisco ASA Security Appliance Step-by-Step Configuration Guide http://www.soundtraining.net/bookstore