Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

PPTP and static NAT

Hi to all,

I have a question. I use a 2811 as a router and firewall (I configured it with SDM), my problem is with static NAT.

Witch port I have to NAT permit to use a VPN client PPTP like windowsXP client?

It's enougth to nat port 1723 to my server or I have to nat other tcp/udp port? My porblem is that I can not NAT all port to only one server.

There are some on-line document?

Thanks a lot.


New Member

Re: PPTP and static NAT

You're going to need to create two things:

NAT Translations

ip nat inside source static tcp 1723 interface fastethernet0/1 1723

replace with your inside address ie VPN server and fastethernet0/1 with whatever your public interface is called.

You will also need to create and access-list to allow traffic to pass from outside-inside, ie Fastethernet0/1 "in"

access-list 120 permit tcp any eq 1723

Apply this access-group to you outside interface "in".

Take care when removing enteries using the CLI with access list, you will delete the lot if you remove one! New enteries are appended to the bottom.

This is also possible through SDM and easier if you arnent to familiar with the CLI.

Create the NAT - under the nat tab, follow my example

Create access-list under firewall/ACL list tab.

Pls rate post that help