Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Yaroslav_Basenk
Participant
Jump to solution

pptp VPN to Proxy ARP IP from outside.

Hi All,

I tryed to pass pptp vpn through the CP (80.20) from outside use Proxy ARP IP-address. I mean chain Internet --> ProxyARP+HA Cluster--> Internal PPTP server. In logs I see accepted GRE traffic but connection from Internal PPTP server --> External client NATed by cluster external IP and not by IP which I need. And of course pptp connection do not establish in this case. Can CP use Proxy ARP ip addresses for GRE passthrough?
P/S Then I try use cluster IP for publictation this pptp server all works correctly.

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
The NAT rulebase only allows you to use TCP or UDP services in the service column.
To do any other IP protocol like GRE, you must use "Any" in the rulebase.

View solution in original post

0 Kudos
4 Replies
PhoneBoy
Admin
Admin
What NAT rules do you have configured here?
Also it seems weird you are seeing traffic originating from the cluster IP.
Might be worth a TAC case.
0 Kudos
Yaroslav_Basenk
Participant

I see NATed gre in the  Smart console (screenshot attached).

As I understand it, I have to have a NAT rule for GRE, but I cannot create NAT exactly for the GRE protocol (very funny). So all I found is to create a NAT rule with ANY in the source service column and Original in the Translated services column. This is not very convenient if I have several rules for this address.Maybe is there a way to create a NAT rule for the GRE and not for ANY?

0 Kudos
Yaroslav_Basenk
Participant

Created  NAT rule

0 Kudos
PhoneBoy
Admin
Admin
The NAT rulebase only allows you to use TCP or UDP services in the service column.
To do any other IP protocol like GRE, you must use "Any" in the rulebase.
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events