01-19-2009 11:46 AM
I have a pptp based vpn connection with client. While allowing the traffic towards internet for vpn connection, there are 2 ASA configured with PAT. I configured an IP base ACL from client to PPTP server. Initially the connection is establishing but after some time it get drops. Please suggest if it is because of the PAT, which is configured on the ASA. As per my knowledge PPTP vpn works on static nat.
Your suggestion on this will be appreciable.
01-19-2009 07:45 PM
Hi,
Im sure you have come across this link bellow, if not PLS take a look at it to understand PPTP and GRE in PIX/ASA/FWSM.
In essence you will need a one-to-one NAT address translation. I have tested this many times using PAT in both PIX 6.x and ASA 7.x.
PPTP will work with PAT only if you have a single PPTP client in your network connecting to a PPTP server on the outside using PAT as long you have fixup protocol pptp 1723 for code 6.x and pptp inspection for code 7.x in your global policy. So..if only one source in your LAN is using PPTP you are fine, if more than one user needs to PPTP you will then need a one to one NAT.
But you have indicated that pptp connection is stablished and after a while it drops, I would suggest to look into some logs at both ends to determined what is causing the drop.
Regards
01-20-2009 05:22 AM
please try by using one-to-one static NAT
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide