PPTP over Cisco NAT for private subnet included into VRF.

m.rabidinov · ‎01-04-2011

I have a Cisco 7206VXR.

Private subnet (192.168.0.0/24) is included into vrf WiFi and is behind NAT.

NAT for clients is working.

But clients can connect to remote PPTP server. They get 619 error.

L2TP/IPSec connections works, but PPTP doesn't.

When I remove subnet from vrf WiFi, PPTP connections works too.

IOS: c7200-advipservicesk9-mz.122-33.SRE1.bin

My config:

interface Loopback1
ip vrf forwarding WIFI
ip address 192.168.0.1 255.255.255.0

interface GigabitEthernet0/1

description WAN
ip address хх.хх.хх.94 255.255.255.252
ip nat outside
ip portbundle outside
ip ospf network point-to-point
media-type rj45
speed 1000
duplex full
no negotiation auto
no cdp enable

interface GigabitEthernet0/2.500

description LAN
encapsulation dot1Q 500
ip vrf forwarding WIFI
ip dhcp relay information option-insert
ip dhcp relay information check-reply
ip dhcp relay information policy-action replace
ip unnumbered Loopback1
ip helper-address 192.168.1.2
no ip proxy-arp
ip nat inside
no cdp enable

ip nat inside source list For_WiFi interface GigabitEthernet0/1 vrf WIFI overload

ip access-list standard For_WiFi
permit 192.168.0.0 0.0.0.255

ip route vrf WIFI 0.0.0.0 0.0.0.0 GigabitEthernet0/1 хх.хх.хх.93

How can I make PPTP connection works with VRF?

Jennifer Halim · ‎01-04-2011

Here is a bug that matches your description of the PPTP failure over VRF aware NAT:CSCec30921:

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCec30921