Re: pptp into a natted network?

From: Jim Jones, Jr. (jimjones@oct.net)
Date: Tue Feb 12 2002 - 09:39:21 EST


yup, you're right... but that allows all traffic to that ip... i only want
to allow tcp1723 and gre...

thanks,

Jim Jones, Jr.
Partner
OcuSafe, LLC
www.ocusafe.com
Attractive, Reliable, Affordable Protection.

----- Original Message -----
From: "Ilker Temir" <itemir@cisco.com>
To: "Jim Jones, Jr." <jimjones@oct.net>
Cc: <cisco-nsp@puck.nether.net>
Sent: Tuesday, February 12, 2002 8:22 AM
Subject: Re: pptp into a natted network?

: Although I am not a specialist on pptp it should work. Following successfully
: translates GRE.
:
: 192.168.2.1 should be the public IP and 172.16.1.5 should be the private IP of
: your server.
:
: Thanks,
:
: Ilker
:
: interface FastEthernet0/0
:  ip address 172.16.1.1 255.255.255.0
:  ip nat inside
: interface Serial0/0
:  ip address 192.168.1.2 255.255.255.252
:  ip nat outside
: ip nat inside source list 12 interface Serial0/0 overload
: ip nat inside source static 172.16.1.5 192.168.2.1
:
: ....
: *Mar 5 01:19:50.607: NAT*: s=172.16.1.5->192.168.2.1, d=192.168.1.1 [2]
: *Mar 5 01:19:50.643: NAT*: o: gre (192.168.1.1, 0) -> (192.168.2.1, 0) [23]
: *Mar 5 01:19:50.643: NAT*: s=192.168.1.1, d=192.168.2.1->172.16.1.5 [23]
: *Mar 5 01:19:50.647: NAT*: i: gre (172.16.1.5, 0) -> (192.168.1.1, 0) [3]
: *Mar 5 01:19:50.647: NAT*: s=172.16.1.5->192.168.2.1, d=192.168.1.1 [3]
: *Mar 5 01:19:50.687: NAT*: o: gre (192.168.1.1, 0) -> (192.168.2.1, 0) [24]
: *Mar 5 01:19:50.687: NAT*: s=192.168.1.1, d=192.168.2.1->172.16.1.5 [24]
: *Mar 5 01:19:50.691: NAT*: i: gre (172.16.1.5, 0) -> (192.168.1.1, 0) [4]
: *Mar 5 01:19:50.691: NAT*: s=172.16.1.5->192.168.2.1, d=192.168.1.1 [4]
: ....
:
:
: On Tue, 12 Feb 2002, Jim Jones, Jr. wrote:
:
: > Yup, tried that, but i can't figure out the static mapping of GRE !
: >
: > thanks,
: >
: >
: > Jim Jones, Jr.
: > Partner
: > OcuSafe, LLC
: > www.ocusafe.com
: > Attractive, Reliable, Affordable Protection.
: >
: > ----- Original Message -----
: > From: "Ilker Temir" <itemir@cisco.com>
: > To: "Jim Jones, Jr." <jimjones@oct.net>
: > Cc: <cisco-nsp@puck.nether.net>
: > Sent: Tuesday, February 12, 2002 6:51 AM
: > Subject: Re: pptp into a natted network?
: >
: >
: > : Do you have available public IP address ? If so, try static mapping.
: > :
: > : Ilker
: > :
: > : On Tue, 12 Feb 2002, Jim Jones, Jr. wrote:
: > :
: > : > Exactly... but how do you forward the GRE... the 1723 is easy...
: > : >
: > : > Thanks,
: > : >
: > : >
: > : > Jim Jones, Jr.
: > : > Partner
: > : > OcuSafe, LLC
: > : > www.ocusafe.com
: > : > Attractive, Reliable, Affordable Protection.
: > : >
: > : > ----- Original Message -----
: > : > From: "Roisman, Dani" <droisman@soe.sony.com>
: > : > To: "'Jim Jones, Jr.'" <jimjones@oct.net>
: > : > Sent: Tuesday, February 12, 2002 6:31 AM
: > : > Subject: RE: pptp into a natted network?
: > : >
: > : >
: > : > > don't know if you got an answer yet,
: > : > >
: > : > > but by my experience, pptp uses TCP port 1723 and GRE (IP Protocol 47).
: > : > >
: > : > > so I would assume if you forward tcp port 1723 and gre to your pptp server,
: > : > > you will probably be golden.
: > : > >
: > : > > ----
: > : > > Dani
: > : > >
: > : > >
: > : > > > -----Original Message-----
: > : > > > From: Jim Jones, Jr. [mailto:jimjones@oct.net]
: > : > > > Sent: Tuesday, February 12, 2002 3:48 AM
: > : > > > To: cisco-nsp@puck.nether.net
: > : > > > Subject: Re: pptp into a natted network?
: > : > > >
: > : > > >
: > : > > > I think that I am trying to do the exact opposite. This example shows the
: > : > > > pptp server outside the natted network... and the clients inside. I would
: > : > > > like to do this with the pptp server inside the private network and the
: > : > > > clients out on the 'net.
: > : > > >
: > : > > > Thanks,
: > : > > >
: > : > > >
: > : > > >
: > : > > > Jim Jones, Jr.
: > : > > > Partner
: > : > > > OcuSafe, LLC
: > : > > > www.ocusafe.com
: > : > > > Attractive, Reliable, Affordable Protection.
: > : > > >
: > : > > > ----- Original Message -----
: > : > > > From: "Roman Volkov" <rv@kht.ru>
: > : > > > To: "Jim Jones, Jr." <jimjones@oct.net>
: > : > > > Cc: <cisco-nsp@puck.nether.net>
: > : > > > Sent: Monday, February 11, 2002 11:55 PM
: > : > > > Subject: Re: pptp into a natted network?
: > : > > >
: > : > > >
: > : > > > > > I have a customer with a cisco 2621 running nat and they need to allow
: > : > > > > > certain addresses into their pptp server... any clues? I haven't been able
: > : > > > > > to find anything on cisco's website...
: > : > > > >
: > : > > > > see through
: > : > > > > http://www.cisco.com/warp/public/471/pptp_pat.html
: > : > > > > you must have IOS 12.1(4)T or newer for it
: > : > > > >
: > : > > > > > Jim Jones, Jr.
: > : > > > > > Partner
: > : > > > > > OcuSafe, LLC
: > : > > > > > www.ocusafe.com
: > : > > > > > Attractive, Reliable, Affordable Protection.
: > : > > > >
: > : > > > > --
: > : > > > > Roman Volkov, CCNA, <rv@kht.ru> - http://home.kht.ru/~rv
: > : > > > > Khabarovsk TTS, http://net.kht.ru
: > : > > > > Russia
: > : > > > >
: > : > > >
: > : > >
: > : >
: > :
: > :
: >
:
:
:
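
An added example, not part of the original thread: one way to keep the static translation quoted above while admitting only PPTP (TCP 1723 and GRE) from outside is an extended ACL applied inbound on the outside interface. The ACL number 110 is an assumption; the addresses and interface names are the ones in the quoted configuration. IOS checks an inbound ACL before outside-to-inside NAT, so the entries match the public address 192.168.2.1, not 172.16.1.5.

```cisco
! Added example; ACL number 110 is an assumption, not from the thread.
!
! Static one-to-one translation from the thread. On its own it forwards
! every protocol and port sent to 192.168.2.1 to the inside server.
ip nat inside source static 172.16.1.5 192.168.2.1
!
! PPTP control channel
access-list 110 permit tcp any host 192.168.2.1 eq 1723
! PPTP data channel (GRE, IP protocol 47)
access-list 110 permit gre any host 192.168.2.1
! Replies to TCP sessions opened by inside hosts through the overload rule,
! which translates them to the Serial0/0 address
access-list 110 permit tcp any host 192.168.1.2 established
! Anything else aimed at the server's public address is dropped and logged
access-list 110 deny ip any host 192.168.2.1 log
! The implicit "deny ip any any" ends the list.
!
! To admit only certain clients, replace "any" in the two permit lines for
! 192.168.2.1 with the client host or network.
!
interface Serial0/0
 ip access-group 110 in
```

The implicit deny also drops non-TCP replies to hosts behind the overload rule (DNS over UDP, for example) and any other traffic arriving on Serial0/0, so add entries for whatever else the site needs before applying the list.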



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:04 EDT