Tunnel Configuration Through Nat Examples; Clients On An Inside Network; Figure 10: Pptp Tunnels On An Inside Network - Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - IP SERVICES CONFIGURATION GUIDE 2010-10-01 Configuration Manual

Tunnel Configuration Through NAT Examples

Clients on an Inside Network

Copyright © 2010, Juniper Networks, Inc.
Configure a group of destination prefixes with which the device can communicate on
8.
the public network.
host1:vr1:vrf11(config-interface)#ip destination-prefix 128.13.44.0 255.255.255.0
Mark the subscriber interface as outside.
9.
host1:vr1:vrf11(config-interface)#ip nat outside
host1:vr1:vrf11(config-interface)#exit
Point the default route to the shared interface.
10.
host1:vr1:vrf11(config)#ip route 0.0.0.0 0.0.0.0 ip vrf11vr1
Install a null route to avoid routing loops to the inside global address.
11.
host1:vr1:vrf11(config)#ip route 128.13.44.0 255.255.255.0 null 0
PPTP uses enhanced GRE encapsulation for PPP payloads. After the PPTP tunnel setup
process, PPP packets are exchanged using GRE encapsulation. It is critical that a NAT
device that resides between PPTP client and PPTP server allow GRE flows.
This section contains NAT configuration examples for both inside and outside PPTP
tunnel setup through NAT.
In this example, a subscriber on the inside network is initiating PPTP tunnels to a PPTP
server located in the outside network. The PPTP connection to the server traverses an
E Series router that has NAT enabled.

Figure 10: PPTP Tunnels on an Inside Network

The router has installed an inside source static simple translation in its translation table
as follows:
Inside Local Address
13.1.2.3
The PPTP client initiates its tunnels to the server at 11.11.11.1. The E Series router translates
the SA from inside local 13.1.2.3 to inside global SA 20.0.0.1. Because GRE traffic can pass
Chapter 2: Configuring NAT
Inside Global Address
20.0.0.1
83