Re: Running PPTP behind NAT router

  • Thread starter Thread starter Dusty Harper {MS}
  • Start date Start date
D

Dusty Harper {MS}

This is a very common scenario. You need to verify however that both TCP
Port 1723 and Protocol 47 ( GRE ) are capable of passing through your ISA
firewall.

There is a known issue that was fixed in Windows Server 2003 where a VPN box
could not take any PPTP calls if it was behind a NAT. This was due to NAT
not having a PPTP editor. This does not apply in your case however because
your RRAS server is not behind a NAT.
 
Thanks Dusty,

I have no problem connecting to our ISA VPN server from
the Internet using Windows XP PPTP VPN. However, when my
client is behind a NAT router, it does not work. The
router is placed at my ISP, and he says I need to use a
NAT Traversel enabled VPN solution. I thought this was an
issue for IPSec, not PPTP. My ISA does not have any
problem, since the needed ports and protocol rules are
open, and it obviously works with our aprox 200 VPN users.
Are there any special requirements on my ISP's NAT router,
exept for having the Port 1723 and Protocol 47 open?

Regards
Bertil Hökerberg
Lindab AB
 
NAT traversal is only an L2TP issue ( because of its IPSec encapsulation )

No special requirements are needed. you may want to sniff the VPN side and
verify that both the PPTP and the GRE packets are reaching your VPN server
--
--
Dusty Harper
Microsoft Corporation
----------------------------------------------------------------------------
This posting is provided "AS IS", with NO warranties and confers NO rights
----------------------------------------------------------------------------

Thanks Dusty,

I have no problem connecting to our ISA VPN server from
the Internet using Windows XP PPTP VPN. However, when my
client is behind a NAT router, it does not work. The
router is placed at my ISP, and he says I need to use a
NAT Traversel enabled VPN solution. I thought this was an
issue for IPSec, not PPTP. My ISA does not have any
problem, since the needed ports and protocol rules are
open, and it obviously works with our aprox 200 VPN users.
Are there any special requirements on my ISP's NAT router,
exept for having the Port 1723 and Protocol 47 open?

Regards
Bertil Hökerberg
Lindab AB
 
Back
Top