Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Running PPTP behind NAT router

780 views
Skip to first unread message

Bertil Hökerberg

unread,
Jul 9, 2003, 1:45:38 PM7/9/03
to
Is it possible to run a VPN PPTP client (the standard
client in Windows XP) behind a NAT router. I'm trying to
access an RRAS / ISA VPN (Windows 2000) server on the
Internet which has a public IP address. However, the
client is behind a NAT router, and is not able to log on
to the VPN server. Is there a solution to this problem, or
does the client need a public IP address?

Dusty Harper {MS}

unread,
Jul 9, 2003, 2:18:15 PM7/9/03
to
This is a very common scenario. You need to verify however that both TCP
Port 1723 and Protocol 47 ( GRE ) are capable of passing through your ISA
firewall.

There is a known issue that was fixed in Windows Server 2003 where a VPN box
could not take any PPTP calls if it was behind a NAT. This was due to NAT
not having a PPTP editor. This does not apply in your case however because
your RRAS server is not behind a NAT.

--
--
Dusty Harper
Microsoft Corporation
----------------------------------------------------------------------------
This posting is provided "AS IS", with NO warranties and confers NO rights
----------------------------------------------------------------------------

"Bertil Hökerberg" <be...@lindab.com> wrote in message
news:03d301c34641$e87a3ed0$a101...@phx.gbl...

Bertil Hökerberg

unread,
Jul 9, 2003, 3:52:05 PM7/9/03
to
Thanks Dusty,

I have no problem connecting to our ISA VPN server from
the Internet using Windows XP PPTP VPN. However, when my
client is behind a NAT router, it does not work. The
router is placed at my ISP, and he says I need to use a
NAT Traversel enabled VPN solution. I thought this was an
issue for IPSec, not PPTP. My ISA does not have any
problem, since the needed ports and protocol rules are
open, and it obviously works with our aprox 200 VPN users.
Are there any special requirements on my ISP's NAT router,
exept for having the Port 1723 and Protocol 47 open?

Regards
Bertil Hökerberg
Lindab AB

>.
>

Dusty Harper {MS}

unread,
Jul 11, 2003, 6:15:39 PM7/11/03
to
NAT traversal is only an L2TP issue ( because of its IPSec encapsulation )

No special requirements are needed. you may want to sniff the VPN side and
verify that both the PPTP and the GRE packets are reaching your VPN server


--
--
Dusty Harper
Microsoft Corporation
----------------------------------------------------------------------------
This posting is provided "AS IS", with NO warranties and confers NO rights
----------------------------------------------------------------------------

"Bertil Hökerberg" <be...@lindab.com> wrote in message

news:9d4701c34653$92f31560$a401...@phx.gbl...

0 new messages