VPN Establishment failure

Publication Date:  2013-08-26 Views:  201 Downloads:  0
Issue Description
The firewall OUT interface configures one public network IP address to access INTERNET. Configured IP address of internal network is Enable NAT for on the firewall.
IP address of one laptop is and it can access INTERNET normally. However, it fails to dial up VPN server of one site.
Alarm Information

Handling Process
Execute "nat alg en pptp" command on EUDEMON and test VPN access. It is not problematic. 
Root Cause
Set IP address on laptop as and the gateway. Remove the cable on firewall OUT interface and insert the network port on laptop. It can dial VPN server of the site.
From the experiment above it is inferred that EUDEMON firewall is problematic.
It is doubted that the access policy is problematic. After the check there is no problem.
It is possible that the function of VPN dial-up access is not enabled. Check the configuration and find "undo nat alg enable pptp".
VPN dial-up requires application protocol PPTP. In terms of data configuration, NAT has denied PPTP. The network segment cannot dial in VPN server of public network.
There is related configuration of application layer on NAT of EDUEMON. When the service of application layer is problematic, it is necessary to check data configuration of the part.