gre natting for pptp

andrewho07 · ‎07-19-2011

I am having difficulty of setting up static net for gre for ASA version 8.4. I need this for setting up pptp.

My external interface is on dhcp. I have already set up static for tcp for pptp. Gre is a protocol and I am unable to find the syntax for version 8.4. Previous version is available.

Thanks

Andrew

Parminder Sian · ‎07-21-2011

Hi Andrew,

I didn't get your question, setting up static nat for GRE ?

For version 8.3 and later, command syntax has changed. Have a look at this doc to compare the statements with older versions:-

https://supportforums.cisco.com/docs/DOC-9129

Hope this helps.

Parminder Sian

andrewho07 · ‎07-24-2011

I need to set up pptp incoming from another site.

I have set :

object network server-box

host 1.1.1.1

object service base-gre

service gre

object network server-box

nat (inside,outside) static interface service tcp pptp pptp

I also have ACL set up to permit both pptp and gre access to the external interface

However, I am unable to set up nat for gre protocol. When I tried

nat (inside,outside) static interface service, it only allow me to use either tcp or udp. There is no protocol.

Thanks

Andrew

Maykol Rojas · ‎07-24-2011

Andrew,

GRE is a portless protocol, so basically if you are going to apply port forward in order to NAT, that is not going to work, since there is no layer 4 tcp,upd to do nat for.

That being said, if you have a pptp server on the inside network, the only thing that you need to do is to have the port forward for pptp (tcp 1723) and the inspection for pptp.

The inspection will open a channel in order to permit the GRE packets pass thru. Here is a document that you can use, just change the NATs to match version 8.3

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094a5a.shtml

Hope it helps.

Mike