(ASCEND) NT PPTP through Pipeline 50 running NAT in Single IP address mode...

To: <ascend-users@bungi.com>
Subject: (ASCEND) NT PPTP through Pipeline 50 running NAT in Single IP address mode...
From: "Mike Dove" <mdove@email.msn.com>
Date: Mon, 6 Jul 1998 23:24:10 -0700
Sender: owner-ascend-users@max.bungi.com


Does not work, however in Multiple IP address mode it does work.  Details
below...

I am trying to run NT PPTP through a Pipeline 50 in single-IP address mode
(as my ISP only gives me one IP address).  In looking at a network monitor
on the LAN side, and the diagnostic monitor commands (natt, natl, napt) this
is what I believe is going on.

The normal TCP packets for some of the PPTP interaction works fine in either
case (TCP packets to port 1723).  Where the problem comes in is what PPP
Link Control Packets (IP General Routing Encapsulation packets).  These are
generated from the NT side, but never return in the single-IP address case.
In looking at a "natt" trace while this is happening, it appears that GRE
packets are coming back, but the "natt" trace says "NAT: drop dst X.X.X.X"
where X.X.X.X is the IP address of the original PPP negotiation when the
call originated.  Since I do not have an easy way to capture to WAN packets
as they go into the Pipeline, I am not sure why the Pipeline is refusing to
deal with these packets.  Since these are not TCP or UDP packets, they do
not have ports associated with them, so my speculation is a NAT on the P50
is doing some port remapping (potentially on non-TCP/UDP packets) when in
single-IP address mode that is not done when in multiple-IP address mode.

I have tried setting the "Default Server" parameter, but again, that also
applies only to TCP/UDP packets.  There seems to be no obvious way to get
GRE packets back when in single-IP address mode.  Now if the P50 is doing
port-remapping on GRE packets on the way out, then there is little hope.  If
in single-IP address mode, only TCP/UDP packets will get translated
correctly, there is also little hope.  I am sure someone out there has
figured this out.  Please let me know how.

Help,
Mike




++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>

Prev by Date: Re: (ASCEND) more stuff!
Next by Date: Re: (ASCEND) VPN on P50?
Prev by thread: Re: (ASCEND) New Problem
Next by thread: (ASCEND) Max 4004 - Line Stays Up, Connections Go To Sleep?
Index(es):
- Main
- Thread