VPN over a NAT to NAT connection?

[HeroOfPellinor]

I have a Cisco PIX 506 at work and a Siemens 2602 at home. Both run NAT and I need to be able to VPN. The server behind the 506 is configured fine and has been hosting PPTP connections for a while. I can successfullly connect to the server, because it has an external IP address that routes to the internal NAT'd address, but I can't access any network resources like file sharing or Exchange.

Any suggestions? Thanks.

 

[Saltin]

Connectivity wise, it sounds like everything is in order. Your problem seems to be authentication based. If you let us know the os's and whatnot, it would help some.

 

[HeroOfPellinor]

The client network, my home, is all Windows 2000 while the server network, at work, is all Windows NT 4.0. I connect fine when I plug straight into the DSL modem, but when I put the router inbetween it connects, but won't give me access to anything.

I've been searching the net most of the day for NAT to NAT VPN configuration help, but haven't found much yet. Thanks.

 

[crudas]

Forward port 1723 to your client with your home router. Also you might need to turn on PPTP passthrough if you router has that ability.
CRU

 

[Garion]

In general, PPTP is fairly fussy about running across NAT's - Only a few NAT solutions will work. IPSec is a bit more friendly, but not if you're using certificates.

- G

 

[HeroOfPellinor]

Thanks for the help. Am I correct in my assumption that the only 2 ports I need open are 1723 and 47 for GRE? I heard you need to open 6 as well, but I'm not sure about that.

 

[spidey07]

PPTP and NAT are very picky. Tricky for that matter.

PPTP uses TCP port number 1743 for tunnel maintenance/setup and IP protocol number 47 for GRE. hope this helps. Getting the IP protocol 47 through NAT is the tricky part because there is no layer4 information like port numbers for the NAT to work with. Some VPN implementations get around this by adding a UDP header, some don't.