Tunnel Configuration Through NAT Examples
Clients on an Inside Network
Clients on an Outside Network
Copyright © 2010, Juniper Networks, Inc.
PPTP uses enhanced GRE encapsulation for PPP payloads. After the PPTP tunnel setup
process, PPP packets are exchanged using GRE encapsulation. It is critical that a NAT
device that resides between PPTP client and PPTP server allow GRE flows.
This section contains NAT configuration examples for both inside and outside PPTP
tunnel setup through NAT.
In this example, a subscriber on the inside network is initiating PPTP tunnels to a PPTP
server located in the outside network. The PPTP connection to the server traverses an
E Series router that has NAT enabled.
Figure 10: PPTP Tunnels on an Inside Network
The router has installed an inside source static simple translation in its translation table
as follows:
Inside Local Address
13.1.2.3
The PPTP client initiates its tunnels to the server at 11.11.11.1. The E Series router translates
the SA from inside local 13.1.2.3 to inside global SA 20.0.0.1. Because GRE traffic can pass
through NAT, all matching PPTP control packets are translated and forwarded to the
destination.
In this example, an outside subscriber initiates PPTP tunnels to a PPTP server located
in the service provider network. The PPTP connection to the server traverses an E Series
router that has NAT enabled.
Chapter 2: Configuring NAT
Inside Global Address
20.0.0.1
83