Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1240
Views
0
Helpful
7
Replies

PAT + PIX + PPTP

wongsusanto
Level 1
Level 1

‎05-30-2002 10:53 PM - edited ‎02-20-2020 10:04 PM

Hi All,

Is that possible if the clients do the pptp traffic to the microsoft pptp server with PAT enabled on the pix ?? There is no static nat on the PIX, all using the the same ip to go to the internet....

Clients with pptp ----PIX (PAT Enabled)--------Microsoft PPTP server

When I tried to dial from pptp client to the server I got this error message from the pix...

305006: regular translation creation failed for protocol 47 src inside:1

Thanks in advance

Regards

0 Helpful
7 Replies 7

vijkrish
Cisco Employee
Cisco Employee

‎05-31-2002 03:50 AM

This is not possible and is discussed in detail at:

http://www.cisco.com/warp/customer/110/pix_pptp.html

0 Helpful

wongsusanto
Level 1
Level 1
In response to vijkrish

‎06-02-2002 05:33 PM

Hi,

I have tried PPTP with PAT-enabled router..it works....but why it doesn't work with PIX. Is there a different translation algorithm (PAT ) between PIX and router ??

Another problem, I have set a vpn connection between PIX as a vpn gateway and VPN client. The VPN can be established, but VPN client can initiate the traffic, if the inside users which are behind the fire wall can initiate the traffics to VPN client. I tried to ping to the inside network, I can not ping them, although the users are alive, the vpn client can only ping the firewall inside interface.

thanks and regards

Wong

0 Helpful

mmarange
Level 1
Level 1

‎07-10-2002 07:54 AM

If you configure PPTP on the PIX it will work with nat.

ip local pool vpnpool 10.0.1.1-10.0.1.254

sysopt connection permit-pptp

vpdn group 1 accept dialin pptp

vpdn group 1 ppp authentication pap

vpdn group 1 ppp authentication chap

vpdn group 1 ppp authentication mschap

vpdn group 1 ppp encryption mppe 40

vpdn group 1 client configuration address local vpnpool

vpdn group 1 client configuration dns 10.0.1.237

vpdn group 1 client configuration wins 10.0.1.237

vpdn group 1 pptp echo 60

vpdn group 1 client authentication local

vpdn username pptp-Username password pwd

vpdn enable outside

You can also add a Radius server for authentication. This is the minimum config for a PPTP connection VPN.

http://www.cisco.com/warp/public/110/pptppix.html

Hope this helps.

Michael

0 Helpful

edadios
Cisco Employee
Cisco Employee
In response to mmarange

‎07-10-2002 07:14 PM

Unfortunately, PPTP passthrough on a PIX doing PAT is not supported on the current PIX codes.

You are correct, the routers after code 12.1.2T can do it, but it has not been done on the PIX code.

Regards,

0 Helpful

mikema
Level 1
Level 1
In response to mmarange

‎07-16-2002 01:44 AM

do you know how to setup pix so that PPTP client behind pix with PAT works fine?

PPTP client -- pixfirewall 515 with PAT --|-- internet -- PPTP Server

before upgading to pixfirewall, we used WatchGuard SOHO, and didn't set anything for PPTP traffic. However, since with pix, when I try to connect PPTP server, I always get an error 721,

PPP conversation was attempted .....

Any idea?

Thanks

Mike

0 Helpful

paqiu
Level 1
Level 1
In response to mikema

‎07-16-2002 03:12 AM

PPTP passing PAT is a special feature.

PIX does not support this feature yet.

Cisco routers with 12.1.4T above code support PPTP over PAT.

Best Regards,

0 Helpful

francoso
Level 1
Level 1
In response to paqiu

‎02-20-2003 07:10 AM

Will PIX support PPTP passing PAT in the coming version 6.3 ?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card