Which is the truth about PPTP through PAT (overloaded NAT)?

mme000 · ‎10-21-2002

Everywhere, also in this forum, I found people claiming that Cisco routers does not support PPTP through PAT. So I was renouncing to make my VPN connection (native Windows XP PPTP VPN connection) working.

Then, today I found this article http://www.cisco.com/warp/public/471/pptp_pat.html which seems to say that it's supported.

So, is it supported or not?

BTW: I've a Cisco 827-4V router and my IOS version is 12.2(8)T4.

Thx in advance.

gfullage · ‎10-21-2002

Yes, this was introduced in 12.1(4)T I believe, see here (http://www.cisco.com/warp/public/cc/pd/iosw/iore/iomjre121/prodlit/1065_pp.htm#26881).

Are you having some sort of problem with it?

mme000 · ‎10-22-2002

Hi gfullage and thank you very much for your answer.

I read the page you told me and it says: "Currently Cisco IOS Network Address Translation (NAT) only supports PPTP tunneling when configuring "Static or Dynamic" 1 to 1 address translation. The Overload, or Port Address Translation (PAT) configuration is not supported. So each individual PPTP tunnel requires its own IP address."

So, again, it seems that PPTP through overloaded NAT does not work. I'm really confused.

I'll try to give you some more details:

Home PC: Windows XP Pro Service Pack 1.

Home router: Cisco 827-4V (IOS 12.2(8)T4) which connects to an ADSL line and performs overloaded NAT (I just have one dynamic global IP address).

Office server: Windows 2000 Server Service Pack 3.

When I try to connect to the server, the connection says "Verifying Username and Password" for 40~ seconds and then I receive error 721 (the remote computer is not responding).

The very strange thing is that, if I try again and again (50, 60, 70 times) I finally succeed in connecting.

Ok, let's go on with some more info.

1) I tried to change from overloaded NAT to static NAT: Windows XP was able to establish the connection every time.

2) I tried to substitute my home PC OS (I installed Windows 98 and Windows 2000): I was able to establish the connection every time.

3) I tried to substitute the Cisco router with a ZyXel 645R: Windows XP was able to establish the connection every time.

These are my conclusions.

1) It doesn't seem to be a Cisco problem: Windows 98 and Windows 2000 can connect.

2) It doesn't seem to be an ISP problem: Windows 98 and Windows 2000 can connect.

3) It doesn't seem to be a server problem: Windows 98 and Windows 2000 can connect.

But...

4) I doesn't seem to be a Windows XP problem: changing the router it can connect.

This is my Cisco router configuration.

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname mmerouter

!

enable secret 5

!

clock timezone CET 1

clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00

!

ip domain-name virgilio.it

ip name-server 212.216.112.112

ip name-server 212.216.172.62

ip dhcp excluded-address 192.168.30.1

!

ip dhcp pool Client

network 192.168.30.0 255.255.255.0

dns-server 212.216.112.112 212.216.172.62

default-router 192.168.30.1

domain-name virgilio.it

!

vpdn enable

!

vpdn-group pppoe

request-dialin

protocol pppoe

!

interface Ethernet0

ip address 192.168.30.1 255.255.255.0

ip nat inside

ip tcp adjust-mss 1452

!

interface ATM0

no ip address

pvc 8/35

pppoe-client dial-pool-number 1

!

interface Dialer0

ip address negotiated

ip nat outside

encapsulation ppp

dialer pool 1

dialer-group 1

ppp pap sent-username password 7

!

ip nat inside source list 101 interface Dialer0 overload

!

ip route 0.0.0.0 0.0.0.0 Dialer0

!

access-list 101 permit ip 192.168.30.0 0.0.0.255 any

dialer-list 1 protocol ip list 101

!

line vty 0 4

access-class 101 in

password 7

login

!

sntp server 192.43.244.18

!

end

Thx.

edadios · ‎10-22-2002

PPTP can pass through over a pat router and is supported since IOS 12.2.T

See here: http://www.cisco.com/warp/public/471/pptp_pat.html .

If 2000, and 98 works, maybe there is something about the xp.... maybe microsoft can help.

Regards,