[c-nsp] Cisco pptp server

Matthew Huff mhuff at ox.com
Fri Feb 26 11:25:02 EST 2016


First,

Why are you using PPTP and not either SSL VPN or IPSEC VPN? PPTP uses ancient crypto and has been severely deprecated. Policy routing also has a lot of issues, including punting from CEF into CPU routing. Avoid it if you can. If you have higher metrics, why do you need it?



----
Matthew Huff             | 1 Manhattanville Rd
Director of Operations   | Purchase, NY 10577
OTA Management LLC       | Phone: 914-460-4039
aim: matthewbhuff        | Fax:   914-694-5669


> -----Original Message-----
> From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of
> Pavel Dimow
> Sent: Friday, February 26, 2016 11:02 AM
> To: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] Cisco pptp server
> 
> Anyone? :)
> 
> On Thu, Feb 25, 2016 at 11:32 PM, Pavel Dimow <paveldimow at gmail.com>
> wrote:
> 
> > Hi,
> >
> > I have a very strange problem (well at least to me).
> >
> > I have a Cisco 1921 which serves as a PPTP server. On the server I have two
> > different ISP connections, ISP1 and ISP2. I have a default route to
> > ISP1 and default route to ISP2 with tracking and higher metric. I have
> > configured local policy routing so I always send PPTP packets to the
> > correct ISP.
> >
> > Now when I connect from client to PPTP server and in server address I
> > enter the ip address of interface where ISP1 is terminated everything
> > works. But when I connect from client to PPTP server and in server
> > address I enter the ip address of interface where ISP2 is terminated
> > the session is established but I can't do anything as I see only my
> > outgoing traffic and no incoming traffic via PPTP tunnel. The funny
> > part is that, when I enter the static route on PPTP server (the public
> > ip address of PPTP client) everything works. Is this normal behaviour?
> >
> > If anyone can shed light on this I would be very grateful ;)
> >
> >
> >
> >