Cisco Support Community
New Member

PAT + PIX + PPTP

Hi All,

Is it possible for the clients to send PPTP traffic to the Microsoft PPTP server with PAT enabled on the PIX? There is no static NAT on the PIX; all clients use the same IP to go to the Internet.

Clients with pptp ----PIX (PAT Enabled)--------Microsoft PPTP server

When I tried to dial from the PPTP client to the server, I got this error message from the PIX:

305006: regular translation creation failed for protocol 47 src inside:1

Thanks in advance

Regards

7 REPLIES
Cisco Employee

Re: PAT + PIX + PPTP

This is not possible and is discussed in detail at:

http://www.cisco.com/warp/customer/110/pix_pptp.html

New Member

Re: PAT + PIX + PPTP

Hi,

I have tried PPTP with a PAT-enabled router and it works, but why doesn't it work with the PIX? Is there a different translation algorithm (PAT) between the PIX and the router?

Another problem: I have set up a VPN connection between the PIX as a VPN gateway and a VPN client. The VPN can be established, but VPN client can initiate the traffic, if the inside users which are behind the firewall can initiate the traffic to VPN client. I tried to ping the inside network, but I cannot ping them, although the users are alive; the VPN client can only ping the firewall inside interface.

thanks and regards

Wong

New Member

Re: PAT + PIX + PPTP

If you configure PPTP on the PIX, it will work with NAT.

ip local pool vpnpool 10.0.1.1-10.0.1.254
sysopt connection permit-pptp
vpdn group 1 accept dialin pptp
vpdn group 1 ppp authentication pap
vpdn group 1 ppp authentication chap
vpdn group 1 ppp authentication mschap
vpdn group 1 ppp encryption mppe 40
vpdn group 1 client configuration address local vpnpool
vpdn group 1 client configuration dns 10.0.1.237
vpdn group 1 client configuration wins 10.0.1.237
vpdn group 1 pptp echo 60
vpdn group 1 client authentication local
vpdn username pptp-Username password pwd
vpdn enable outside

You can also add a Radius server for authentication. This is the minimum config for a PPTP connection VPN.

http://www.cisco.com/warp/public/110/pptppix.html

Hope this helps.

Michael

Cisco Employee

Re: PAT + PIX + PPTP

Unfortunately, PPTP passthrough on a PIX doing PAT is not supported on the current PIX codes.

You are correct, the routers after code 12.1.2T can do it, but it has not been done on the PIX code.

Regards,

New Member

Re: PAT + PIX + PPTP

Do you know how to set up the PIX so that a PPTP client behind a PIX with PAT works fine?

PPTP client -- pixfirewall 515 with PAT --|-- internet -- PPTP Server

Before upgrading to the PIX firewall, we used a WatchGuard SOHO and didn't set anything for PPTP traffic. However, with the PIX, when I try to connect to the PPTP server, I always get error 721:

PPP conversation was attempted .....

Any idea?

Thanks

Mike

New Member

Re: PAT + PIX + PPTP

PPTP passing PAT is a special feature.

PIX does not support this feature yet.

Cisco routers with code 12.1.4T and above support PPTP over PAT.

Best Regards,

New Member

Re: PAT + PIX + PPTP

Will the PIX support PPTP passing PAT in the coming version 6.3?
