RE: PPTP Vpdn Question

Hello,


PPtP uses gre as transport protocol. GRE is stateless protocol (it has no port 
number), thats why ordinary NAT can't do more than one PPtP session. NAT on 
FreeBSD has hook for this issue, thats all.



> -----Original Message-----
> From: Oleksandr Pantus [mailto:alx@xxxxxxxxxxxxxxx]
> Sent: Wednesday, July 30, 2003 5:53 PM
> To: Dan Armstrong
> Cc: cisco-nsp@xxxxxxxxxxxxxxx
> Subject: Re: [nsp] PPTP Vpdn Question
> 
> 
> Hello !
> 
> Here we have got the same problem. Our investigation shows that such
> behaviour is caused mostly by various NAT alghorhytm. For example,
> there is no problem with multiple clients behind the FreeBSD NAT while
> Linux NAT (ip masquerade they name it) gives us the same 
> picture as yours.
> 
> On Wed, 30 Jul 2003, Dan Armstrong wrote:
> > We have a 7206 terminating PPTP VPDN connections, authenticated with
> > radius.
> >
> > It seems that if I have a customer out there in the world 
> behind a NAT
> > firewall, they can only make one PPTP connection to us.  
> During a debug,
> > I notice that the second user trying to connect appears to 
> try and get
> > stuffed into the first person's Virtual Access interface, and
> > essentially kicks off the first person, and the second 
> person appears to
> > hang up.
> >
> > I imagine this has something to do with the fact that thay both
> > "appear" to be coming from 1 remote IP.... does anybody know a way
> > around this?
> 
> 
> 
> -- 
> S/Y,
> Alexander, MD,                        nic-hdl: AJP1-UANIC
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp@xxxxxxxxxxxxxxx
> http://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 

_______________________________________________
cisco-nsp mailing list  cisco-nsp@xxxxxxxxxxxxxxx
http://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/