Re: pptp into a natted network?

From: Ilker Temir (itemir@cisco.com)
Date: Tue Feb 12 2002 - 09:22:12 EST

Next message: Jim Jones, Jr.: "Re: pptp into a natted network?"
Previous message: Jim Jones, Jr.: "[nsp] adsl/atm/rbe?"
In reply to: Jim Jones, Jr.: "Re: pptp into a natted network?"
Next in thread: Jim Jones, Jr.: "Re: pptp into a natted network?"
Reply: Jim Jones, Jr.: "Re: pptp into a natted network?"
Reply: Jim Jones, Jr.: "Re: pptp into a natted network?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mail actions: [ respond to this message ] [ mail a new topic ]

Although I am not a specialist on pptp it should work. Following successfully
translates GRE.

192.168.2.1 should be the public IP and 172.16.1.5 should be the private IP of
your server.

Thanks,

Ilker

interface FastEthernet0/0
ip address 172.16.1.1 255.255.255.0
ip nat inside
interface Serial0/0
ip address 192.168.1.2 255.255.255.252
ip nat outside
ip nat inside source list 12 interface Serial0/0 overload
ip nat inside source static 172.16.1.5 192.168.2.1

....
*Mar 5 01:19:50.607: NAT*: s=172.16.1.5->192.168.2.1, d=192.168.1.1 [2]
*Mar 5 01:19:50.643: NAT*: o: gre (192.168.1.1, 0) -> (192.168.2.1, 0) [23]
*Mar 5 01:19:50.643: NAT*: s=192.168.1.1, d=192.168.2.1->172.16.1.5 [23]
*Mar 5 01:19:50.647: NAT*: i: gre (172.16.1.5, 0) -> (192.168.1.1, 0) [3]
*Mar 5 01:19:50.647: NAT*: s=172.16.1.5->192.168.2.1, d=192.168.1.1 [3]
*Mar 5 01:19:50.687: NAT*: o: gre (192.168.1.1, 0) -> (192.168.2.1, 0) [24]
*Mar 5 01:19:50.687: NAT*: s=192.168.1.1, d=192.168.2.1->172.16.1.5 [24]
*Mar 5 01:19:50.691: NAT*: i: gre (172.16.1.5, 0) -> (192.168.1.1, 0) [4]
*Mar 5 01:19:50.691: NAT*: s=172.16.1.5->192.168.2.1, d=192.168.1.1 [4]
....

On Tue, 12 Feb 2002, Jim Jones, Jr. wrote:

> Yup, tried that, but i can't figure out the static mapping of GRE !
>
> thanks,
>
>
> Jim Jones, Jr.
> Partner
> OcuSafe, LLC
> www.ocusafe.com
> Attractive, Reliable, Affordable Protection.
>
> ----- Original Message -----
> From: "Ilker Temir" <itemir@cisco.com>
> To: "Jim Jones, Jr." <jimjones@oct.net>
> Cc: <cisco-nsp@puck.nether.net>
> Sent: Tuesday, February 12, 2002 6:51 AM
> Subject: Re: pptp into a natted network?
>
>
> : Do you have available public IP address ? If so, try static mapping.
> :
> : Ilker
> :
> : On Tue, 12 Feb 2002, Jim Jones, Jr. wrote:
> :
> : > Exactly... but how do you forward the GRE... the 1723 is easy...
> : >
> : > Thanks,
> : >
> : >
> : > Jim Jones, Jr.
> : > Partner
> : > OcuSafe, LLC
> : > www.ocusafe.com
> : > Attractive, Reliable, Affordable Protection.
> : >
> : > ----- Original Message -----
> : > From: "Roisman, Dani" <droisman@soe.sony.com>
> : > To: "'Jim Jones, Jr.'" <jimjones@oct.net>
> : > Sent: Tuesday, February 12, 2002 6:31 AM
> : > Subject: RE: pptp into a natted network?
> : >
> : >
> : > > don't know if you got an answer yet,
> : > >
> : > > but by my experience, pptp uses TCP port 1723 and GRE (IP Protocol
> 47).
> : > >
> : > > so I would assume if you forward tcp port 1723 and gre to your pptp
> : > server,
> : > > you will probably be golden.
> : > >
> : > > ----
> : > > Dani
> : > >
> : > >
> : > > > -----Original Message-----
> : > > > From: Jim Jones, Jr. [mailto:jimjones@oct.net]
> : > > > Sent: Tuesday, February 12, 2002 3:48 AM
> : > > > To: cisco-nsp@puck.nether.net
> : > > > Subject: Re: pptp into a natted network?
> : > > >
> : > > >
> : > > > I think that I am trying to do the exact opposite. This
> : > > > example shows the
> : > > > pptp server outside the natted network... and the clients
> : > > > inside. I would
> : > > > like to do this with the pptp server inside the private
> : > > > network and the
> : > > > clients out on the 'net.
> : > > >
> : > > > Thanks,
> : > > >
> : > > >
> : > > >
> : > > > Jim Jones, Jr.
> : > > > Partner
> : > > > OcuSafe, LLC
> : > > > www.ocusafe.com
> : > > > Attractive, Reliable, Affordable Protection.
> : > > >
> : > > > ----- Original Message -----
> : > > > From: "Roman Volkov" <rv@kht.ru>
> : > > > To: "Jim Jones, Jr." <jimjones@oct.net>
> : > > > Cc: <cisco-nsp@puck.nether.net>
> : > > > Sent: Monday, February 11, 2002 11:55 PM
> : > > > Subject: Re: pptp into a natted network?
> : > > >
> : > > >
> : > > > > > I have a customer with a cisco 2621 running nat and they
> : > > > need to allow
> : > > > > > certian addresses into their pptp server... any clues? I
> : > > > haven't been
> : > > > able
> : > > > > > to find anything on cisco's website...
> : > > > >
> : > > > > see throught
> : > > > > http://www.cisco.com/warp/public/471/pptp_pat.html
> : > > > > you must have IOS 12.1(4)T or newer for it
> : > > > >
> : > > > > > Jim Jones, Jr.
> : > > > > > Partner
> : > > > > > OcuSafe, LLC
> : > > > > > www.ocusafe.com
> : > > > > > Attractive, Reliable, Affordable Protection.
> : > > > >
> : > > > > --
> : > > > > Roman Volkov, CCNA, <rv@kht.ru> - http://home.kht.ru/~rv
> : > > > > Khabarovsk TTS, http://net.kht.ru
> : > > > > Russia
> : > > > >
> : > > >
> : > >
> : >
> :
> :
>

Next message: Jim Jones, Jr.: "Re: pptp into a natted network?"
Previous message: Jim Jones, Jr.: "[nsp] adsl/atm/rbe?"
In reply to: Jim Jones, Jr.: "Re: pptp into a natted network?"
Next in thread: Jim Jones, Jr.: "Re: pptp into a natted network?"
Reply: Jim Jones, Jr.: "Re: pptp into a natted network?"
Reply: Jim Jones, Jr.: "Re: pptp into a natted network?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:04 EDT