01-13-2008 05:29 AM - edited 03-09-2019 07:51 PM
I have a 2611 running IOS 12.3 configured as a NAT router. I need to allow external PPTP VPN clients to connect to a MS Win 2003 server running RRAS on my inside network. I have configured static nat to forward TCP port 1723 traffic from the router's outside interface to the 2003 server, but there doesn't appear to be a way to use static NAT to forward GRE traffic. I've tried building an access-list with no success. External clients are able to reach the server, but authentication fails. I tested the connection with internal clients successfully, so I know that the RRAS server is set up correctly. When external clients attempt to connect, the connection appears to be successful, but the process hangs on authentication. I've followed the steps listed in Document ID 12483 explicitly, but still no success. Any help will be greatly appreciated.
01-18-2008 01:14 PM
The platform and the IOS image do support GRE going outbound (after all, it is just an IP packet passing through the router). Where your problem is, however, is that PPTP, and more specifically GRE, does not work well with PAT or "overloading" of the interface. For PPTP (GRE) to work through this you will need to have a static translation for the client machine accessing the PPTP server, or be using a non-overloaded interface.
01-18-2008 01:30 PM
Thanks for your reply. Actually, I solved the problem by upgrading to a slightly newer version of the IOS. The problem apparently was a software bug. PPTP and GRE both work fine with PAT and overloading on the outside interface. It is now working fine, as described in Document ID: 12483.
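The thread turns on PPTP's two channels: a TCP control connection on port 1723 and a GRE data channel (IP protocol 47, enhanced GRE per RFC 2637) that has no port numbers, only a Call ID. The following is an added example, not part of the original thread, that parses both and shows which field a translating device has available for each; the function names, addresses and Call ID value are constructed for illustration.

```python
import struct

PPTP_GRE_PROTO = 0x880B  # protocol type of PPTP's enhanced GRE (RFC 2637)

def parse_pptp_gre(gre: bytes) -> dict:
    """Parse the enhanced GRE header that carries PPTP tunnel data."""
    if len(gre) < 8:
        raise ValueError("truncated GRE header")
    flags, flags_ver, proto, payload_len, call_id = struct.unpack("!BBHHH", gre[:8])
    # Version must be 1, protocol 0x880B, and the Key (K) bit must be set.
    if (flags_ver & 0x07) != 1 or proto != PPTP_GRE_PROTO or not (flags & 0x20):
        raise ValueError("not PPTP enhanced GRE")
    hdr = {"call_id": call_id, "payload_len": payload_len, "seq": None, "ack": None}
    offset = 8
    # S bit (0x10, first byte) and A bit (0x80, second byte) add optional fields.
    for name, present in (("seq", flags & 0x10), ("ack", flags_ver & 0x80)):
        if present:
            if len(gre) < offset + 4:
                raise ValueError("truncated GRE header")
            hdr[name] = struct.unpack("!I", gre[offset:offset + 4])[0]
            offset += 4
    hdr["payload"] = gre[offset:offset + payload_len]
    return hdr

def nat_demux_key(ip_packet: bytes) -> tuple:
    """Return the field a NAT device can use to tell flows apart."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ip_packet[0] & 0x0F) * 4
    proto, body = ip_packet[9], ip_packet[ihl:]
    if proto == 6:    # TCP: destination port, 1723 for PPTP control
        return ("tcp", struct.unpack("!H", body[2:4])[0])
    if proto == 47:   # GRE: no ports, only the PPTP Call ID
        return ("gre", parse_pptp_gre(body)["call_id"])
    raise ValueError("unsupported protocol")

def ipv4(proto: int, body: bytes) -> bytes:
    """Build a minimal IPv4 header (checksum left at 0) for constructed samples."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64, proto, 0,
                       bytes([203, 0, 113, 5]), bytes([192, 0, 2, 1])) + body

# Constructed samples: a TCP SYN to port 1723 and one PPTP GRE data packet.
SAMPLE_TCP = ipv4(6, struct.pack("!HHIIBBHHH", 49152, 1723, 1, 0, 0x50, 0x02, 8192, 0, 0))
SAMPLE_GRE = ipv4(47, struct.pack("!BBHHHI", 0x30, 0x01, PPTP_GRE_PROTO, 4, 0x1A2B, 7)
                  + b"\xff\x03\xc0\x21")

if __name__ == "__main__":
    print(nat_demux_key(SAMPLE_TCP))
    print(nat_demux_key(SAMPLE_GRE))
```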