Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Participant

pptp VPN to Proxy ARP IP from outside.

Jump to solution

Hi All,

I tryed to pass pptp vpn through the CP (80.20) from outside use Proxy ARP IP-address. I mean chain Internet --> ProxyARP+HA Cluster--> Internal PPTP server. In logs I see accepted GRE traffic but connection from Internal PPTP server --> External client NATed by cluster external IP and not by IP which I need. And of course pptp connection do not establish in this case. Can CP use Proxy ARP ip addresses for GRE passthrough?
P/S Then I try use cluster IP for publictation this pptp server all works correctly.

0 Kudos
Reply
1 Solution

Accepted Solutions
Highlighted
Admin
Admin
The NAT rulebase only allows you to use TCP or UDP services in the service column.
To do any other IP protocol like GRE, you must use "Any" in the rulebase.

View solution in original post

0 Kudos
Reply
4 Replies
Highlighted
Admin
Admin
What NAT rules do you have configured here?
Also it seems weird you are seeing traffic originating from the cluster IP.
Might be worth a TAC case.
0 Kudos
Reply
Highlighted
Participant

I see NATed gre in the  Smart console (screenshot attached).

As I understand it, I have to have a NAT rule for GRE, but I cannot create NAT exactly for the GRE protocol (very funny). So all I found is to create a NAT rule with ANY in the source service column and Original in the Translated services column. This is not very convenient if I have several rules for this address.Maybe is there a way to create a NAT rule for the GRE and not for ANY?

0 Kudos
Reply
Highlighted
Participant

Created  NAT rule

0 Kudos
Reply
Highlighted
Admin
Admin
The NAT rulebase only allows you to use TCP or UDP services in the service column.
To do any other IP protocol like GRE, you must use "Any" in the rulebase.

View solution in original post

0 Kudos
Reply