Inbound PPTP Traffic and Windows 2000 Network Address Translation (263925)


The information in this article applies to:

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional
This article was previously published under Q263925

SUMMARY

Network Address Translation (NAT) in Windows 2000 has a built-in Point-to-Point Tunneling Protocol (PPTP) Editor that allows NAT clients to establish PPTP connections to external Virtual Private Network servers. An Editor is necessary because PPTP uses Generic Routing Encapsulation for tunneled data (IP protocol 47) as well as for the Transmission Control Protocol (TCP) port 1723. The Generic Routing Encapsulation packets do not have a TCP or User Datagram Protocol (UDP) header, which contains the port information that NAT translates.

NAT in Windows 2000 currently does not support incoming PPTP traffic from the external network(s) to an internal PPTP server behind the NAT server. Although you can create a special port mapping for TCP port 1723 to the PPTP server, there is no way to create a special port mapping for GRE traffic because it does not use TCP or UDP headers.

MORE INFORMATION

If external clients need to access a server located on the internal network behind NAT, they can establish a Virtual Private Network tunnel to the NAT server.
Modification Type:MajorLast Reviewed:9/22/2003
Keywords:kbinfo kbNAT kbnetwork KB263925
©2003 Microsoft Corporation. All rights reserved.