Is PPTP supported by overloading NAT

Rohan Naggi rohan.naggi at TAVANT.COM
Mon Aug 7 18:08:08 EDT 2000


PROBLEM:

PPTP client behind the PIX firewall cannot connect to the server through the
PPTP gateway.

SETUP:

There are two sites, SITE A (USA) and SITE B (INDIA).

SITE A has a CISCO PIX firewall (PIX-A) acting as a PPTP gateway. It
also has Windows 2000 Servers.

SITE B has a LINUX server which is doing NAT. The PPTP client is Windows 2000
Professional edition. There are a total of 10 PPTP clients which need access
to the servers at Site A. For Internet access at SITE B, the Linux box does
the address translation (overloading NAT). So all the 10 machines go out with
one global IP address.

Purpose of the above setup:

SITE B clients should be able to access servers at SITE A.


Explanation:

The PPTP client which is behind the PIX firewall is not able to establish a
PPTP session to PIX A.

The LINUX box at SITE B is doing overloading of NAT (converting many private
addresses to a single global address).

When a static global address is used at SITE B (I mean to say the Windows
2000 client uses dial-up networking), the PPTP clients are able to
successfully connect to the servers at SITE A.

But when the SITE B clients use overloading of NAT (i.e. trying to go through
LINUX), the PPTP session fails.


Can you help me out?


Thanks and regards,
Rohan

Rohan.naggi at tavant.com
