Re: Multiple PPTP clients behind a Nat router

jspiegel · ‎09-18-2003

I am having an issue with a Cisco 3000 VPN server. Multiple clients at one location need to connect back to the VPN server via PPTP. The location is served by a DSL line with a basic NAT router. The first client is able to connect and the rest are rejected. I am assuming this is a "security feature" of the 3000 box. My guess is that the 3000 likes an individual IP address for each session. Has anyone seen this problem?

John

rjwalani · ‎09-18-2003

Hi,

PPTP thru PAT is not supported.

Thanks

Ranjana

atdhingr · ‎09-19-2003

Hi Ranjana,

Why is it so that PPTP is not supported thru PAT. I understand that ipsec is not supported coz of esp not using ports...but how the same applies to pptp as it uses pptp for tunneling and mppe for encryption

Thanks

Atul.

rjwalani · ‎09-19-2003

Hi Atul,

PPTP uses GRE, so the NAT/PAT device should be capable of handling GRE/PAT.

Thanks

Ranjana

jspiegel · ‎09-19-2003

This is very disappointing. Because now I must go back to using RRAS on Win2k. Cisco should add this feature to the 3000 VPN box.

rjwalani · ‎09-19-2003

Hi,

I missed adding in my previous message that it appears that your router doesn't support GRE/PAT. The Concentrator supports PPTP through PAT as long as your NAT/PAT device supports GRE/PAT

Thanks

Ranjana

zeller · ‎10-16-2003

The VPN 3000 series will only allow a single connection from a particular IP address. Snapgear makes a $300 router that will build the PPTP connection to the Cisco 3000 box and then multiple clients can go through that tunnel. The individual client machines do not create a tunnel or authenticate in this scenario. It's a nailed-up point-to-point connection connecting two lans. I have one engineer using this from home quite successfully.

Tom Zeller

Indiana University