God I hate NAT

by Ed Fisher on 2007-07-17

in Security

Well, in truth, this is not NAT’s fault per se, but since it was involved, it takes the blame. I am setting up MS ISA 2006 to serve as a VPN concentrator… I’ll post more specifics on this soon. Suffice it to say that I spent a couple of hours getting everything set, to include having domain admins configure the ISA servers to belong to the RAS and IAS Server group, test accounts, firewall configuration, etc. As it turns out, a multiple-server array cannot use DHCP, which is honestly just LAME, but there it is. I could not connect. The PPTP session negotiation would begin. From the client, I would see PPP LC Configuration Request. From the server, I would see the inbound requests, and the outbound Acks, but they never got to the client. Access lists on the PIX were permitting GRE and TCP 1723 as required, but still no joy. And then it hit me…
fixup protocol pptp 1723
and things start working. Have a nice day.


5 comments

Anonymous 2008-06-14 at 05:45

thanks a lot, it helps….


Anonymous 2008-06-14 at 05:46

thx a lot! it helps


Saran 2009-04-02 at 08:26

It is not helping me. In my setup, through the Ethereal log I can observe PADS – session confirmation completed; the client is sending PPP LCP, the server is not sending PPP LCP and not responding.


Ed Fisher 2009-04-02 at 09:14

Not much info in your post, but at a guess…your trace is being run from the client, so you are not seeing that your server IS responding, because egress ACLs are not permitting the response traffic.
Hope that helps.


LB 2011-05-04 at 11:37

Heh, that worked. I’m surprised it had to be manually configured.
