topic PPTP with NAT in Network Security https://community.cisco.com/t5/network-security/pptp-with-nat/m-p/502151#M1055644 <P>Hi everyone!</P><P>One of my costumers is connected to my Internet network (im an isp), the costumer is using dynamic nat, and on the other end, there is a PPTP server (on a hosted environment), the costumer complains that sometimes can´t connect throught the pptp tunnel, but i always see the TCP port 173, and after that, the GRE session..but the problem is that the costumer can´t make it works..</P><P>As an example, this is a snapshot of the nat translation:</P><P>ADVERTISING#sh ip nat translations | i 148.244.244</P><P>tcp &lt;IP_ADDRESS_OUTSIDE&gt;:1329 192.168.1.132:1329 &lt;PPTP_IP_ADDRESS&gt;:3389 &lt;PPTP_IP_ADDRESS&gt;:3389</P><P>gre &lt;IP_ADDRESS_OUTSIDE&gt;:57 192.168.1.133:256 &lt;PPTP_IP_ADDRESS&gt;:256 &lt;PPTP_IP_ADDRESS&gt;:57</P><P>tcp &lt;IP_ADDRESS_OUTSIDE&gt;:1026 192.168.1.133:1049 &lt;PPTP_IP_ADDRESS&gt;:1723 &lt;PPTP_IP_ADDRESS&gt;:1723</P><P>gre &lt;IP_ADDRESS_OUTSIDE&gt;:50145 192.168.1.133:50145 &lt;PPTP_IP_ADDRESS&gt;:50145 &lt;PPTP_IP_ADDRESS&gt;:50145</P><P>gre &lt;IP_ADDRESS_OUTSIDE&gt;:23 192.168.1.134:256 &lt;PPTP_IP_ADDRESS&gt;:256 &lt;PPTP_IP_ADDRESS&gt;:23</P><P>tcp &lt;IP_ADDRESS_OUTSIDE&gt;:1114 192.168.1.134:1114 &lt;PPTP_IP_ADDRESS&gt;:1723 &lt;PPTP_IP_ADDRESS&gt;:1723</P><P>gre &lt;IP_ADDRESS_OUTSIDE&gt;:17376 192.168.1.134:17376 &lt;PPTP_IP_ADDRESS&gt;:17376 &lt;PPTP_IP_ADDRESS&gt;:17376</P><P>tcp &lt;IP_ADDRESS_OUTSIDE&gt;:1025 192.168.1.135:1077 &lt;PPTP_IP_ADDRESS&gt;:3389 &lt;PPTP_IP_ADDRESS&gt;:3389</P><P>tcp &lt;IP_ADDRESS_OUTSIDE&gt;:1054 192.168.1.138:1036 &lt;PPTP_IP_ADDRESS&gt;:3389 &lt;PPTP_IP_ADDRESS&gt;:3389</P><P>gre &lt;IP_ADDRESS_OUTSIDE&gt;:2 192.168.1.139:256 &lt;PPTP_IP_ADDRESS&gt;:256 &lt;PPTP_IP_ADDRESS&gt;:2</P><P>gre &lt;IP_ADDRESS_OUTSIDE&gt;:994 192.168.1.139:994 &lt;PPTP_IP_ADDRESS&gt;:994 &lt;PPTP_IP_ADDRESS&gt;:994</P><P>tcp &lt;IP_ADDRESS_OUTSIDE&gt;:1036 192.168.1.139:1052 &lt;PPTP_IP_ADDRESS&gt;:3389 &lt;PPTP_IP_ADDRESS&gt;:3389</P><P>tcp &lt;IP_ADDRESS_OUTSIDE&gt;:1268 192.168.1.139:1268 &lt;PPTP_IP_ADDRESS&gt;:1723 &lt;PPTP_IP_ADDRESS&gt;:1723</P><P>gre &lt;IP_ADDRESS_OUTSIDE&gt;:9 192.168.1.143:256 &lt;PPTP_IP_ADDRESS&gt;:256 &lt;PPTP_IP_ADDRESS&gt;:9</P><P>As you can see, there is NAT on the CPE in order to change the 192.168.1.x IP to a public ip address (source to the PPTP Server), on the server side, there is another NAT in order to have a public ip address &lt;PPTP_IP_ADDRESS&gt;..</P><P>This is the debug attached..</P><P>Does anyone have an idea what can be happening??im new about pptp...thank you very much in advice!</P><P>Alfonso</P><P></P><P></P><P> </P><P></P> Fri, 21 Feb 2020 08:30:39 GMT jresendizz 2020-02-21T08:30:39Z PPTP with NAT https://community.cisco.com/t5/network-security/pptp-with-nat/m-p/502151#M1055644 <P>Hi everyone!</P><P>One of my costumers is connected to my Internet network (im an isp), the costumer is using dynamic nat, and on the other end, there is a PPTP server (on a hosted environment), the costumer complains that sometimes can´t connect throught the pptp tunnel, but i always see the TCP port 173, and after that, the GRE session..but the problem is that the costumer can´t make it works..</P><P>As an example, this is a snapshot of the nat translation:</P><P>ADVERTISING#sh ip nat translations | i 148.244.244</P><P>tcp &lt;IP_ADDRESS_OUTSIDE&gt;:1329 192.168.1.132:1329 &lt;PPTP_IP_ADDRESS&gt;:3389 &lt;PPTP_IP_ADDRESS&gt;:3389</P><P>gre &lt;IP_ADDRESS_OUTSIDE&gt;:57 192.168.1.133:256 &lt;PPTP_IP_ADDRESS&gt;:256 &lt;PPTP_IP_ADDRESS&gt;:57</P><P>tcp &lt;IP_ADDRESS_OUTSIDE&gt;:1026 192.168.1.133:1049 &lt;PPTP_IP_ADDRESS&gt;:1723 &lt;PPTP_IP_ADDRESS&gt;:1723</P><P>gre &lt;IP_ADDRESS_OUTSIDE&gt;:50145 192.168.1.133:50145 &lt;PPTP_IP_ADDRESS&gt;:50145 &lt;PPTP_IP_ADDRESS&gt;:50145</P><P>gre &lt;IP_ADDRESS_OUTSIDE&gt;:23 192.168.1.134:256 &lt;PPTP_IP_ADDRESS&gt;:256 &lt;PPTP_IP_ADDRESS&gt;:23</P><P>tcp &lt;IP_ADDRESS_OUTSIDE&gt;:1114 192.168.1.134:1114 &lt;PPTP_IP_ADDRESS&gt;:1723 &lt;PPTP_IP_ADDRESS&gt;:1723</P><P>gre &lt;IP_ADDRESS_OUTSIDE&gt;:17376 192.168.1.134:17376 &lt;PPTP_IP_ADDRESS&gt;:17376 &lt;PPTP_IP_ADDRESS&gt;:17376</P><P>tcp &lt;IP_ADDRESS_OUTSIDE&gt;:1025 192.168.1.135:1077 &lt;PPTP_IP_ADDRESS&gt;:3389 &lt;PPTP_IP_ADDRESS&gt;:3389</P><P>tcp &lt;IP_ADDRESS_OUTSIDE&gt;:1054 192.168.1.138:1036 &lt;PPTP_IP_ADDRESS&gt;:3389 &lt;PPTP_IP_ADDRESS&gt;:3389</P><P>gre &lt;IP_ADDRESS_OUTSIDE&gt;:2 192.168.1.139:256 &lt;PPTP_IP_ADDRESS&gt;:256 &lt;PPTP_IP_ADDRESS&gt;:2</P><P>gre &lt;IP_ADDRESS_OUTSIDE&gt;:994 192.168.1.139:994 &lt;PPTP_IP_ADDRESS&gt;:994 &lt;PPTP_IP_ADDRESS&gt;:994</P><P>tcp &lt;IP_ADDRESS_OUTSIDE&gt;:1036 192.168.1.139:1052 &lt;PPTP_IP_ADDRESS&gt;:3389 &lt;PPTP_IP_ADDRESS&gt;:3389</P><P>tcp &lt;IP_ADDRESS_OUTSIDE&gt;:1268 192.168.1.139:1268 &lt;PPTP_IP_ADDRESS&gt;:1723 &lt;PPTP_IP_ADDRESS&gt;:1723</P><P>gre &lt;IP_ADDRESS_OUTSIDE&gt;:9 192.168.1.143:256 &lt;PPTP_IP_ADDRESS&gt;:256 &lt;PPTP_IP_ADDRESS&gt;:9</P><P>As you can see, there is NAT on the CPE in order to change the 192.168.1.x IP to a public ip address (source to the PPTP Server), on the server side, there is another NAT in order to have a public ip address &lt;PPTP_IP_ADDRESS&gt;..</P><P>This is the debug attached..</P><P>Does anyone have an idea what can be happening??im new about pptp...thank you very much in advice!</P><P>Alfonso</P><P></P><P></P><P> </P><P></P> Fri, 21 Feb 2020 08:30:39 GMT https://community.cisco.com/t5/network-security/pptp-with-nat/m-p/502151#M1055644 jresendizz 2020-02-21T08:30:39Z