VPN Establishment failure

Publication Date:  2013-08-26 Views:  174 Downloads:  0
Issue Description
The firewall OUT interface configures one public network IP address 61.88.182.115 to access INTERNET. Configured IP address of internal network is 192.168.22.62/25. Enable NAT for 192.168.22.0/25 on the firewall.
IP address of one laptop is 192.168.22.57/25 and it can access INTERNET normally. However, it fails to dial up VPN server of one site.
Alarm Information

N/A
Handling Process
Execute "nat alg en pptp" command on EUDEMON and test VPN access. It is not problematic. 
Root Cause
Set IP address on laptop as 61.88.182.115 and the gateway. Remove the cable on firewall OUT interface and insert the network port on laptop. It can dial VPN server of the site.
From the experiment above it is inferred that EUDEMON firewall is problematic.
It is doubted that the access policy is problematic. After the check there is no problem.
It is possible that the function of VPN dial-up access is not enabled. Check the configuration and find "undo nat alg enable pptp".
VPN dial-up requires application protocol PPTP. In terms of data configuration, NAT has denied PPTP. The network segment 192.168.22.0/25 cannot dial in VPN server of public network.
Suggestions
There is related configuration of application layer on NAT of EDUEMON. When the service of application layer is problematic, it is necessary to check data configuration of the part.

END