Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1068
Views
0
Helpful
3
Replies

PPTP over NAT

Go to solution
john-perrin
Level 1
Level 1

‎07-17-2003 12:40 AM - edited ‎03-09-2019 04:05 AM

I have a client wanting to allow inbound PPTP to theie internal network. They are running NAT on a 1751 with IOS 12.2 and have a single public IP. They are using static NAT entries to allow inbound SMTP and terminal services. Static NAT entries do not support protocol 47 (GRE) so we can't do it that way. What options do they have to do it another way? I think they will have to get another public IP and translate all inbound traffic to that Ip to the internal IP where PPTP terminates. Will that work and can they have multiple external VPN users connecting to the single internal network IP via NAT? Thanks in advance.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
gfullage
Cisco Employee
Cisco Employee

‎07-17-2003 10:43 PM

The only way to do this is to get a second IP address, then set up a one-to-one static translation for it, and have all your users connect to that static IP address. Yes, multiple users will be able to connect to that one IP address, no problem there.

The issue here is, as you've said, that you can't map GRE through with just the one IP addess, so they need the second one and map all protocols through to it with just a standard static NAT translation.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
gfullage
Cisco Employee
Cisco Employee

‎07-17-2003 10:43 PM

The only way to do this is to get a second IP address, then set up a one-to-one static translation for it, and have all your users connect to that static IP address. Yes, multiple users will be able to connect to that one IP address, no problem there.

The issue here is, as you've said, that you can't map GRE through with just the one IP addess, so they need the second one and map all protocols through to it with just a standard static NAT translation.

0 Helpful

Go to solution
john-perrin
Level 1
Level 1
In response to gfullage

‎07-18-2003 02:00 PM

Thanks for confirming that. Is this something that will be supported in later IOS releases or is there some fundamental reason why it cannot work?

0 Helpful

Go to solution
gfullage
Cisco Employee
Cisco Employee
In response to john-perrin

‎07-20-2003 06:38 PM

I guess it could work, we actually support static PAT translations for ESP/IPSec now, so I presume we could support it for GRE. It's probably that no-one's really asked for it. Feel free to contact your Account Manager and get them to put in a feature request for it, the more people that ask for it the faster it gets included.

0 Helpful
Customers Also Viewed These Support Documents