cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

pptp VPN to Proxy ARP IP from outside.

Jump to solution

Hi All,

I tryed to pass pptp vpn through the CP (80.20) from outside use Proxy ARP IP-address. I mean chain Internet --> ProxyARP+HA Cluster--> Internal PPTP server. In logs I see accepted GRE traffic but connection from Internal PPTP server --> External client NATed by cluster external IP and not by IP which I need. And of course pptp connection do not establish in this case. Can CP use Proxy ARP ip addresses for GRE passthrough?
P/S Then I try use cluster IP for publictation this pptp server all works correctly.

0 Kudos
1 Solution

Accepted Solutions
Admin
Admin

Re: pptp VPN to Proxy ARP IP from outside.

Jump to solution
The NAT rulebase only allows you to use TCP or UDP services in the service column.
To do any other IP protocol like GRE, you must use "Any" in the rulebase.
0 Kudos
4 Replies
Admin
Admin

Re: pptp VPN to Proxy ARP IP from outside.

Jump to solution
What NAT rules do you have configured here?
Also it seems weird you are seeing traffic originating from the cluster IP.
Might be worth a TAC case.
0 Kudos

Re: pptp VPN to Proxy ARP IP from outside.

Jump to solution

I see NATed gre in the  Smart console (screenshot attached).

As I understand it, I have to have a NAT rule for GRE, but I cannot create NAT exactly for the GRE protocol (very funny). So all I found is to create a NAT rule with ANY in the source service column and Original in the Translated services column. This is not very convenient if I have several rules for this address.Maybe is there a way to create a NAT rule for the GRE and not for ANY?

0 Kudos

Re: pptp VPN to Proxy ARP IP from outside.

Jump to solution

Created  NAT rule

0 Kudos
Admin
Admin

Re: pptp VPN to Proxy ARP IP from outside.

Jump to solution
The NAT rulebase only allows you to use TCP or UDP services in the service column.
To do any other IP protocol like GRE, you must use "Any" in the rulebase.
0 Kudos