Which is the truth about PPTP through PAT (overloaded NAT)?
Everywhere, also in this forum, I found people claiming that Cisco routers does not support PPTP through PAT. So I was renouncing to make my VPN connection (native Windows XP PPTP VPN connection) working.
Re: Which is the truth about PPTP through PAT (overloaded NAT)?
Hi gfullage and thank you very much for your answer.
I read the page you told me and it says: "Currently Cisco IOS Network Address Translation (NAT) only supports PPTP tunneling when configuring "Static or Dynamic" 1 to 1 address translation. The Overload, or Port Address Translation (PAT) configuration is not supported. So each individual PPTP tunnel requires its own IP address."
So, again, it seems that PPTP through overloaded NAT does not work. I'm really confused.
I'll try to give you some more details:
Home PC: Windows XP Pro Service Pack 1.
Home router: Cisco 827-4V (IOS 12.2(8)T4) which connects to an ADSL line and performs overloaded NAT (I just have one dynamic global IP address).
Office server: Windows 2000 Server Service Pack 3.
When I try to connect to the server, the connection says "Verifying Username and Password" for 40~ seconds and then I receive error 721 (the remote computer is not responding).
The very strange thing is that, if I try again and again (50, 60, 70 times) I finally succeed in connecting.
Ok, let's go on with some more info.
1) I tried to change from overloaded NAT to static NAT: Windows XP was able to establish the connection every time.
2) I tried to substitute my home PC OS (I installed Windows 98 and Windows 2000): I was able to establish the connection every time.
3) I tried to substitute the Cisco router with a ZyXel 645R: Windows XP was able to establish the connection every time.
These are my conclusions.
1) It doesn't seem to be a Cisco problem: Windows 98 and Windows 2000 can connect.
2) It doesn't seem to be an ISP problem: Windows 98 and Windows 2000 can connect.
3) It doesn't seem to be a server problem: Windows 98 and Windows 2000 can connect.
4) I doesn't seem to be a Windows XP problem: changing the router it can connect.
This is my Cisco router configuration.
service timestamps debug datetime msec
service timestamps log datetime msec
enable secret 5
clock timezone CET 1
clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00
ip domain-name virgilio.it
ip name-server 18.104.22.168
ip name-server 22.214.171.124
ip dhcp excluded-address 192.168.30.1
ip dhcp pool Client
network 192.168.30.0 255.255.255.0
dns-server 126.96.36.199 188.8.131.52
ip address 192.168.30.1 255.255.255.0
ip nat inside
ip tcp adjust-mss 1452
no ip address
pppoe-client dial-pool-number 1
ip address negotiated
ip nat outside
dialer pool 1
ppp pap sent-username password 7
ip nat inside source list 101 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
access-list 101 permit ip 192.168.30.0 0.0.0.255 any
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :