Support Center > Search Results > SecureKnowledge Details
PPTP traffic does not pass through Virtual System with enabled CoreXL and Hide NAT Technical Level
Symptoms
  • Client is not able to establish a PPTP tunnel with a Server through Virtual System with enabled CoreXL and Hide NAT configuration:

    Client ---(PPTP)--- [ VS, CoreXL, Hide NAT for Client ] ---(PPTP)--- Server
  • FW Monitor on relevant Virtual System shows that PPP Link Control Protocol (LCP) packets sent from PPTP Server back to the Client are Incorrectly NATed (the NAT Source IP address is seen at Pre-Inbound chain "i" and a different original address at Post-Inbound chain "I").

  • Kernel debug on relevant Virtual System shows that PPP LCP packets sent from PPTP server back to the client:

    • are not NATed
    • matched on different CoreXL FW Instance than the original connection
  • Disabling CoreXL on relevant Virtual System resolves the issue.

Cause

Due to the IPS protection 'Non Compliant PPTP', GRE packets (PPTP) that should undergo NAT are not processed correctly by the CoreXL on Virtual Systems.


Solution
Note: To view this solution you need to Sign In .