Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
403
Views
0
Helpful
1
Replies

PPTP and static NAT

a.crippa
Level 1
Level 1

‎03-10-2006 05:31 AM - edited ‎03-09-2019 02:12 PM

Hi to all,

I have a question. I use a 2811 as a router and firewall (I configured it with SDM), my problem is with static NAT.

Witch port I have to NAT permit to use a VPN client PPTP like windowsXP client?

It's enougth to nat port 1723 to my server or I have to nat other tcp/udp port? My porblem is that I can not NAT all port to only one server.

There are some on-line document?

Thanks a lot.

Augusto

Labels:
0 Helpful
1 Reply 1

rasoftware
Level 1
Level 1

‎03-13-2006 07:28 AM

You're going to need to create two things:

NAT Translations

ip nat inside source static tcp 1.2.3.4 1723 interface fastethernet0/1 1723

replace 1.2.3.4 with your inside address ie VPN server and fastethernet0/1 with whatever your public interface is called.

You will also need to create and access-list to allow traffic to pass from outside-inside, ie Fastethernet0/1 "in"

access-list 120 permit tcp any 1.2.3.4 eq 1723

Apply this access-group to you outside interface "in".

Take care when removing enteries using the CLI with access list, you will delete the lot if you remove one! New enteries are appended to the bottom.

This is also possible through SDM and easier if you arnent to familiar with the CLI.

Create the NAT - under the nat tab, follow my example

Create access-list under firewall/ACL list tab.

Pls rate post that help

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents