Is PPTP supported by overloading NAT

Ryan Folstad Ryan at TENDIGITS.COM
Mon Aug 7 19:07:18 EDT 2000


Sounds like either your Linux masquerading (not NAT) is set up incorrectly or
your PIX could be set up wrong, but I doubt it.  If your Linux kernel version
is not 2.4 then all the stuff you're talking about is experimental but does
work.  I have a kernel 2.2 Linux box set up with the appropriate patches and
it works just great for masquerading VPN clients for all employees in our
internal network and also works forwarding incoming PPTP to our internal
PPTP server.

Check out:
http://ldp.iol.it/HOWTO/VPN-Masquerade-HOWTO.html
for what patches you need and what to compile into your kernel to get this
working.


Ryan Folstad

-----Original Message-----
From: Rohan Naggi [mailto:rohan.naggi at TAVANT.COM]
Sent: Monday, August 07, 2000 3:08 PM
To: VPN at SECURITYFOCUS.COM
Subject: Is PPTP supported by overloading NAT


PROBLEM:

PPTP client behind the PIX firewall cannot connect to the server through PPTP
gateway.

SETUP:

There are two sites, SITE A (USA) and SITE B (INDIA).

SITE A has a CISCO PIX firewall (PIX-A) acting as a PPTP gateway. It
also has Windows 2000 Servers.

SITE B has a LINUX server which is doing NAT. The PPTP client is a Windows 2000
Prof edition. There are a total of 10 PPTP clients which need access to the
servers at Site A. For the Internet access at SITE B, the Linux box does the
address translation (overloading NAT). So all the 10 m/c go out with
one global IP address.

Purpose of the above setup:

SITE B clients should be able to access servers at SITE A.


Explanation:


PPTP client which is behind the PIX firewall is not able to establish a PPTP
session to PIX A .

LINUX box @ SITE B is doing overloading of NAT (converting many private
addresses to a single global address).

When a static global address is used at SITE B (I mean to say the Windows
2000 client uses dial-up networking), the PPTP clients are able to
successfully connect to the servers at SITE A.

But when the SITE B clients use overloading of NAT (i.e. trying to go through
LINUX), the PPTP session fails.


Can you help me out?


Thanks and regards,
Rohan

Rohan.naggi at tavant.com

VPN is sponsored by SecurityFocus.COM
