[c-nsp] PPTP and NAT
Brett Looney
brett at looney.id.au
Mon Aug 7 05:55:17 EDT 2006
At 17:44 7/08/2006, you wrote:
>>You have to do a NAT on the entire IP address. No way of getting
>>around it that I know of. And then you'll need to put in an ACL to
>>allow only 1723/TCP and GRE through.
>
>Not so. In very very early versions of IOS you did, but from about
>12.1T onwards you only needed to PAT through port 1723, and do not
>need a 1:1 static translation. The GRE is automagically taken care
>of as long as the PAT rule is in the config.
>
>See example at
>http://www.cisco.com/en/US/tech/tk827/tk369/technologies_configuration_example09186a00800949c0.shtml
Oh duh. <slaps forehead> You know, I came across this last year and
actually *did* it. Stupid me. Thanks for the reminder! ;-)
B.