Ascend Archive

(ASCEND) NAT and PPTP




I'm having a problem with NAT and the PPTP protocol, and I'm hoping someone
has some advice.  Here's the info...

I'm running a P50 with 5.1Ap9.  I'm dialing into an ISP who supplies me with
a single IP address.  I've got two machines on my local net - a WinNT box
and a Linux box.  I'd like to be able to use both machines to connect to the
Internet, and I'd like the WinNT box to be able to make outbound PPTP
connections to my corpnet (my company runs a PPTP server box on the Internet
which I can connect to).

I've tried these two configurations...

1)  Set the P50 to NAT -> Single IP addr.  This should take the single IP
address assigned by my ISP, and let all of my local machines talk out.  And
in fact, it works - both of my machines can do normal ping'ing, etc. with
this config.  However, my WinNT machine can't make outbound PPTP
connections - they time-out during "Verifying username and password...".  I
have tried setting NAT -> Def Server to the IP address of my WinNT machine
(with all of the static mappings blank), but this made no difference.

2) Set the P50 to NAT -> Multi IP addr.  This should take the single IP
address assigned by my ISP, and let the "first" machine on my local net use
it to talk out - other machines on the local net cause the P50 to issue a
DHCP request, which my ISP ignores :-) so only the "first" machine gets
Internet connectivity.  With this config, if my WinNT machine is the "first"
machine (i.e. the first one to try to talk once the connection comes up),
then I can successfully make outbound PPTP connections.  But, in this
config, I can only use one local machine at a time talking to the Internet.

Looking at a packet sniff of both the working and the failure case (and
allowing for my very limited understanding of how PPP and PPTP work...), the
main thing I see is that PPTP seems to first use an outbound TCP connection
to do PPP negotiation, and then does a "callback" connection from the remote
to the local using GRE protocol packets to actually carry the data.  And in
the failure case, I don't see the GRE packets coming back from the remote
for the "callback".

So, my supposition is that the P50, when configured for NAT -> Single IP
addr, is failing to route the inbound GRE packets to the host which
originated the PPTP session.  Has anyone seen this behavior before?  Might
there be a config option I just don't have set properly?

Thanks,
--Don


++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>
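
Added example, not part of the original message and not Ascend's code: a small Python model of the supposition above, showing that a single-address NAT keyed only on TCP/UDP ports has nothing to match inbound GRE (IP protocol 47) against, while one that records the PPTP Call ID from the TCP/1723 control channel (RFC 2637) can. The addresses, public port, Call ID and the `SingleAddressNat` class are constructed for illustration; how the P50 implements NAT is an unknown here.

```python
import struct

GRE_PROTO = 47          # IP protocol number for GRE (it has no port numbers)
PPTP_GRE_TYPE = 0x880B  # protocol type in PPTP's enhanced GRE header (RFC 2637)

def build_pptp_gre(call_id, ppp=b"\xff\x03\xc0\x21"):
    """Constructed sample packet: flags 0x3001 = Key + Sequence bits, version 1."""
    return struct.pack("!HHHHI", 0x3001, PPTP_GRE_TYPE, len(ppp), call_id, 1) + ppp

def parse_pptp_gre(payload):
    """Return the Call ID carried in the low 16 bits of the GRE key field."""
    if len(payload) < 8:
        raise ValueError("truncated GRE header")
    flags, proto, _length, call_id = struct.unpack("!HHHH", payload[:8])
    if (flags & 0x0007) != 1 or not (flags & 0x2000) or proto != PPTP_GRE_TYPE:
        raise ValueError("not PPTP enhanced GRE")
    return call_id

class SingleAddressNat:
    """Hypothetical model of a NAT sharing one public address."""
    def __init__(self, track_call_ids):
        self.track_call_ids = track_call_ids
        self.ports = {}   # public TCP port -> inside host
        self.calls = {}   # (peer address, Call ID) -> inside host

    def outbound_tcp(self, inside_ip, public_port):
        self.ports[public_port] = inside_ip

    def learn_call(self, inside_ip, server_ip, client_call_id):
        # A PPTP-aware NAT reads this Call ID from the control connection.
        if self.track_call_ids:
            self.calls[(server_ip, client_call_id)] = inside_ip

    def inbound(self, src_ip, ip_proto, payload=b"", dst_port=None):
        """Return the inside host to forward to, or None if the packet is dropped."""
        if ip_proto == 6:
            return self.ports.get(dst_port)
        if ip_proto == GRE_PROTO:
            return self.calls.get((src_ip, parse_pptp_gre(payload)))
        return None

def demo():
    server, winnt, call_id = "192.0.2.10", "10.0.0.2", 0x4A21  # constructed values
    results = {}
    for name, track in (("port_only", False), ("call_id_aware", True)):
        nat = SingleAddressNat(track)
        nat.outbound_tcp(winnt, 40001)          # control channel to TCP/1723
        nat.learn_call(winnt, server, call_id)
        results[name] = (nat.inbound(server, 6, dst_port=40001),
                         nat.inbound(server, GRE_PROTO, build_pptp_gre(call_id)))
    return results

if __name__ == "__main__":
    print(demo())
```

In the port-only case the TCP control connection is forwarded but the GRE data packet has no matching entry, which mirrors the symptom of the control phase starting and the tunnel data never arriving.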