[nsp] PPTP Vpdn Question

Pavel Narozhniy PNarozhniy at MIRATECH.UA
Wed Jul 30 19:14:55 EDT 2003


Hello,


PPTP uses GRE as its transport protocol. GRE is a stateless protocol (it has no port number), that's why ordinary NAT can't do more than one PPTP session. NAT on FreeBSD has a hook for this issue, that's all.



> -----Original Message-----
> From: Oleksandr Pantus [mailto:alx at vsmu.vinnica.ua]
> Sent: Wednesday, July 30, 2003 5:53 PM
> To: Dan Armstrong
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [nsp] PPTP Vpdn Question
> 
> 
> Hello !
> 
> Here we have got the same problem. Our investigation shows that such
> behaviour is caused mostly by various NAT algorithms. For example,
> there is no problem with multiple clients behind the FreeBSD NAT while
> Linux NAT (ip masquerade they name it) gives us the same picture as yours.
> 
> On Wed, 30 Jul 2003, Dan Armstrong wrote:
> > We have a 7206 terminating PPTP VPDN connections, authenticated with
> > radius.
> >
> > It seems that if I have a customer out there in the world behind a NAT
> > firewall, they can only make one PPTP connection to us.  During a debug,
> > I notice that the second user trying to connect appears to try and get
> > stuffed into the first person's Virtual Access interface, and
> > essentially kicks off the first person, and the second person appears to
> > hang up.
> >
> > I imagine this has something to do with the fact that they both
> > "appear" to be coming from 1 remote IP.... does anybody know a way
> > around this?
> 
> 
> 
> -- 
> S/Y,
> Alexander, MD, 			nic-hdl: AJP1-UANIC
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 
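Added illustration, not part of the original thread and not FreeBSD's or Cisco's code: a toy NAT table showing why port-less GRE state collapses to one session per remote server, and how keying on the Call ID field of PPTP's enhanced GRE header (RFC 2637) keeps two clients apart. The class names, addresses and Call IDs are constructed for the example, and it assumes the NAT has learned each client's Call ID from the TCP/1723 control channel and that the two clients chose different Call IDs.

```python
import struct

PPTP_GRE_PROTO = 0x880B  # protocol type of PPTP's enhanced GRE (RFC 2637)

def build_pptp_gre(call_id, payload=b""):
    """Build a minimal enhanced GRE packet: K bit set, version 1, no seq/ack."""
    return struct.pack("!HHHH", 0x2001, PPTP_GRE_PROTO, len(payload), call_id) + payload

def parse_call_id(packet):
    """Return the Call ID of an enhanced GRE packet, or None if it is not PPTP GRE."""
    if len(packet) < 8:
        return None
    flags_ver, proto, _length, call_id = struct.unpack("!HHHH", packet[:8])
    key_present = bool(flags_ver & 0x2000)
    if (flags_ver & 0x7) != 1 or proto != PPTP_GRE_PROTO or not key_present:
        return None
    return call_id

class PlainNat:
    """Hypothetical NAT that keys GRE state on the remote address only (no ports)."""
    def __init__(self):
        self.table = {}
    def outbound(self, inside_ip, server_ip, call_id):
        # No port to distinguish flows: a second client overwrites the first.
        self.table[server_ip] = inside_ip
    def inbound(self, server_ip, packet):
        return self.table.get(server_ip)

class CallIdNat(PlainNat):
    """Hypothetical PPTP-aware NAT that also keys on the GRE Call ID."""
    def outbound(self, inside_ip, server_ip, call_id):
        self.table[(server_ip, call_id)] = inside_ip
    def inbound(self, server_ip, packet):
        return self.table.get((server_ip, parse_call_id(packet)))

def demo(nat):
    """Two inside clients call one server; return where each reply is delivered."""
    server = "198.51.100.10"                       # constructed addresses
    nat.outbound("192.168.1.10", server, call_id=1001)
    nat.outbound("192.168.1.11", server, call_id=1002)
    # Server-to-client GRE carries the Call ID the client announced.
    return [nat.inbound(server, build_pptp_gre(cid, b"ppp")) for cid in (1001, 1002)]

if __name__ == "__main__":
    print("plain NAT  :", demo(PlainNat()))
    print("Call ID NAT:", demo(CallIdNat()))
```

A real PPTP-aware NAT additionally rewrites Call IDs on the control channel when two inside clients pick the same value; that step is left out here.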


