I have successfully forwarded pptp traffic to an inside server that runs Microsoft RRAS VPN service. These are the lines in my config:
access-list outside_access_in extended permit gre any host vpn.host.com
access-list outside_access_in extended permit tcp any host vpn.host.com eq pptp
static (inside,outside) vpn.host.com internal_vpn_server netmask 255.255.255.255
The server runs two services, therefore I have to make a port address translation on the third line.
However if I type this command:
static (inside,outside) tcp vpn.host.com pptp internal_vpn_server pptp netmask 255.255.255.255
This is shown in the log:
Deny inbound protocol 47 src Outside:22.214.171.124 dst Outside:vpn.host.com
Protocol 47 is GRE. If I remove PAT pptp the traffic flows successfully (like line 3 in config).
So my question is: How do I make a static NAT rule with PAT with the GRE protocol?
Is it possible?
I need to publish both pptp and tftp on the same internal server. That is why I need to make PAT. But it fails, as you can see from the log.
Hope you understand my problem.