Dynamic NAT GRE protocol into internal Server

Colourful · ‎10-15-2012

Hi guys just a quick one.

I've had a quick look and it appears it cannot be done.

I'm attempting to forward the GRE protocol to an internal web server. We only have 2 external addresses and the internal server is not one of them. Is this possible?

Kind regards,

Jake

Cisco PIX Firewall Version 6.3(5)
Cisco PIX Device Manager Version 3.0(4)

Compiled on Thu 04-Aug-05 21:40 by morlee

c2c-pix1 up 10 hours 43 mins

Hardware: PIX-515E, 128 MB RAM, CPU Pentium II 433 MHz
Flash E28F128J3 @ 0x300, 16MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB

Encryption hardware device : VAC+ (Crypto5823 revision 0x1)

Licensed Features:
Failover:                    Enabled
VPN-DES:                     Enabled
VPN-3DES-AES:                Enabled
Maximum Physical Interfaces: 6
Maximum Interfaces:          10
Cut-through Proxy:           Enabled
Guards:                      Enabled
URL-filtering:               Enabled
Inside Hosts:                Unlimited
Throughput:                  Unlimited
IKE peers:                   Unlimited

This PIX has an Unrestricted (UR) license.

Jennifer Halim · ‎10-15-2012

You would need to have a spare public IP to configure static NAT statement for GRE as GRE is a protocol, not TCP or UDP with port hence you can't share a public IP.

However if you are trying to enable PPTP connection to the internal server, then all you have to do is static PAT on TCP/1723, and enable "fixup protocol pptp 1723" and that would allow the GRE traffic to pass through.