Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all


This thread has been viewed 0 times
  • 1.  PPTP

    Posted Aug 28, 2012 08:24 AM



    I have a customer having Aruba installed and is partly using the system. Running latest release (

    Some of the external consultants use PPTP thru the Aruba to reach internal resources.

    Also some of the customers employees also use PPTP.


    We are experiencing that only ONE connection is possible at one give time from same remote IP. So if 2 consultants from 1 company try PPTP, only the first is able to connect.


    Is this a limitation in the PPTP protocol or what?



  • 2.  RE: PPTP

    Posted Aug 28, 2012 08:31 AM

    It is more a limitation of the firewall at the originating site.  Some firewalls cannot pass more than one pptp connection at a time.


    Find out what firewall is in place and if it can pass multiple pptp connections.



  • 3.  RE: PPTP

    Posted Aug 28, 2012 08:36 AM

    I'm sure that the firewall can pass several connections, but we don't get more than one from each IP.


    I will check the customers firewall



  • 4.  RE: PPTP

    Posted Aug 28, 2012 08:48 AM

    I want to say, try to use ipsec, instead.  It has much better support and easy to enable on the controller.

  • 5.  RE: PPTP

    Posted Aug 28, 2012 04:10 PM

    PPTP is using GRE (Protocol 47) as the transport, and unlike TCP/UDP which has port number to identify the type of services, GRE do not.  Thus, The outgoing firewall or NAT routers need to have a way to uniquely differentiate the GRE traffics from two different PPTP station. I guess your NAT device do not support that.

  • 6.  RE: PPTP

    Posted Aug 29, 2012 02:30 AM



    Well, I'm sure if you guys have understood me correctly. The Aruba and the firewall/NAT device is serving several PPTP (GRE) connections as we speak. This clearly states that both the Aruba and firewall/NAT device can handle several PPTP connections at one given time.

    The problem occurs when 2 persons from the same remote location, try the PPTP. They will normally connect showing the same public IP. In this case, the second PPTP from the same location is not working.

    This might be a problem with the firewall on the remote location or the firewall/NAT in front of this Aruba.


    My main concern was that this was a Aruba problem, but as I can see this is more a firewall/NAT device problem.


    Will ask the firewall guys to have a look at the logs.



  • 7.  RE: PPTP

    Posted Aug 29, 2012 05:28 AM

    is your PPTP GRE Tunnel is configured as a NAT Inside interface in the outgoing firewall ?! :smileyfrustrated:


  • 8.  RE: PPTP

    Posted Aug 29, 2012 10:26 AM

    This article should explain it, in particular the PPTP data encapsulation section. Hope this helps.

  • 9.  RE: PPTP

    Posted Aug 29, 2012 10:26 AM

  • 10.  RE: PPTP

    Posted Dec 10, 2012 08:10 AM

    I also suffring from the same issue 6.1.3.X.X ....


    any soultion?


  • 11.  RE: PPTP

    Posted Dec 10, 2012 03:02 PM

    Nope, i honestly don't know if it is an Aruba limitation or what? Some suggested that it might be a limitation from the other end, allowing only one PPTP session outwards at a time, but that seems unlikely aswell.


    You should just open a case with Aruba to see if they got any clue. It's fairly easy to test, i will happily help you with a test if you want


    Roar Fossen

  • 12.  RE: PPTP

    Posted Dec 11, 2012 06:36 AM

    I built the same environment in my lab - and it's worked..So imam starting to feel that it the other end issue.

    But my client keep telling me that when trying to do it not via the Aruba environment..Owen he connecting directly to the GW (the two stations directly to the Lan GW it's working)


    I don't know...Imam feeling lost - and it's seems that there isn't any officio answers from Aruba side...

  • 13.  RE: PPTP

    Posted Dec 12, 2012 05:37 AM

    hi kdisc98,


    I have seen an open ticket about this, any chance you are able to make a packet capture at the entry to the controller, while establising one, then the second PPTP session ? can you also confirm that the basic toplogy you tested is something similar to what Mosher describes, i.e.


      client1 ----\

      client2 ----- [ NAT ] ----  { L3 network } --- [ controller ] ---- [ pptp server ]


    Mosher - if you have similar capture, do let me know ?


    Also, can you both confirm if you are using the controller to terminate the PPTP or external device - plus if there is any NAT on the controller or between it and the PPTP server if it's external




  • 14.  RE: PPTP

    Posted Dec 16, 2012 09:35 AM

    Please read bellow diagram.

    (I hope it will give u some idea - what to check)



    12-16-2012 4-29-45 PM.jpg

  • 15.  RE: PPTP

    Posted Dec 17, 2012 02:12 AM


    yeah, it does make you wonder if the dlink has some issue for multiple sessions. Checking around the net, it should support this - as long as pptp passthru is turned on. I am assuming you have no NAT configured on the controller, which means that this is really likely due to the dlink in your case.


    Can you check in the Dlink webUI under advanced -> firewall settings -> advanced and make sure that "PPTP passthru" is checked ?




  • 16.  RE: PPTP

    Posted Dec 17, 2012 08:52 AM

    Regarding your question,I checked in front of my client:

    The Dlink unit (VDSL MODEM ROUTER) is missing this needed config..It's so poor in configuration options





    It's docent have any  "PPTP passthru" or other vpn options enabler settings in the Firewall tab..


  • 17.  RE: PPTP

    Posted Dec 17, 2012 09:06 AM


    sorry about that, I had searched around and landed on an emulator website (http://support.dlink.com/emulators/wbr2310/adv_dmz.htm) that shows the settings - but clearly it's the wrong model.


    I just found a datasheet for this 6740-U and there doesn't seem to be any reference to the device as supporting any sort of VPN (ipsec, pptp or otherwise) passthru for N:1 NAT (which matches your observation of the webUI). May be worth to confirm with Dlink but thus far it seems to support the observation you have in your network.