PPTP through NAT

I need some help getting PPTP working properly through NAT. My setup includes a Cisco 7206 NAT router running IOS 12.3(14)T7 Enterprise Edition, and a Cisco 3030 concentrator.

My situation is that I need multiple PPTP clients behind the NAT router to be able to establish sessions to my Cisco VPN concentrator 3030 (as well as other PPTP servers on the web - but I'll start with my own!).

My setup is as follows:

Client #1 ----> fa0/0-7206(NAT)fa0/1 ----> PPTP VPN (3030)
Client #2 ---|
etc:

If I use a pool of global addresses with PAT, like below, I can't establish any PPTP sessions, not even one!

ip nat pool macconnect-nat 130.123.109.3 130.123.109.40 prefix-length 24
ip nat inside source list 2 pool connect-nat

If I add the overload option, like below, I can start one PPTP session, but no others.

ip nat pool connect-nat 130.123.109.3 130.123.109.40 prefix-length 24
ip nat inside source list 2 pool connect-nat overload

I guess my first question is should either of my scenarios above work? Do I have something configured wrong, or is the problem elsewhere? I am open to using a global address pool and 1:1 NAT if that's what's needed. Can anyone help?

-Mike


I really hope there's a better solution than what I did years ago, but I'll tell you anyway.

I used two address pools, a small group of true NAT addresses and a single address using PAT. Using ACLs I specifically denied PPTP traffic on the PAT and permitted only PPTP traffic on the NAT. And I only had a half dozen or so users doing outbound VPN connections.

RC
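
The two-pool approach described in the reply above, sketched as an IOS configuration. This is an added example, not configuration posted by anyone in the thread; the inside network 192.168.1.0/24, the ACL numbers 110 and 120, the pool names, and the way the 130.123.109.3-40 range is split are all assumptions.

```cisco
! Added example (assumptions: inside LAN 192.168.1.0/24, ACLs 110/120,
! pool names pptp-nat / general-pat, split of the thread's address range).
!
interface FastEthernet0/0
 ! client side, per the diagram in the question
 ip nat inside
!
interface FastEthernet0/1
 ! side facing the PPTP server
 ip nat outside
!
! Pool 1: one-to-one dynamic NAT (no overload), reserved for PPTP.
! Each PPTP client gets its own global address, so the port-less GRE
! data channel does not have to be multiplexed onto a shared address.
ip nat pool pptp-nat 130.123.109.3 130.123.109.39 prefix-length 24
!
! Pool 2: a single address shared by everything else via PAT.
ip nat pool general-pat 130.123.109.40 130.123.109.40 prefix-length 24
!
! ACL 110 matches only PPTP: TCP/1723 control channel plus GRE.
access-list 110 permit tcp 192.168.1.0 0.0.0.255 any eq 1723
access-list 110 permit gre 192.168.1.0 0.0.0.255 any
!
! ACL 120 excludes PPTP and matches all remaining traffic from the LAN.
access-list 120 deny   tcp 192.168.1.0 0.0.0.255 any eq 1723
access-list 120 deny   gre 192.168.1.0 0.0.0.255 any
access-list 120 permit ip  192.168.1.0 0.0.0.255 any
!
! Bind each ACL to its pool: PPTP to one-to-one NAT, the rest to PAT.
ip nat inside source list 110 pool pptp-nat
ip nat inside source list 120 pool general-pat overload
```

The one-to-one pool caps the number of simultaneous PPTP clients at the number of addresses in it (37 in this split), and `show ip nat translations` lists which inside host currently holds which global address.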
