Pavel, I am still not convinced... Can you please share your config and maybe a sniffer trace on the client?
Tnx,
Arie

On Sat, Feb 27, 2016, 23:27 Pavel Dimow <[email protected]> wrote:

> Hi Arie,
>
> no, that's not the case since I use local policy routing to force traffic
> to go via correct provider and I can confirm that this works. Let me try to
> be more precise.
>
> My PPTP server has two uplinks, Gi1/1 with ISP 1 and ip address 1.1.1.1 and
> Gi2/2 with ISP2 and ip address 2.2.2.2. It has a default route to ISP1 and
> default route with higher metric to ISP2. I do have a correct local policy
> routing to force all traffic generated by router with source 1.1.1.1 to
> ISP1 next-hop and with source 2.2.2.2 to ISP2 next-hop.
>
> My PPTP server has a local ip pool and it will assign a PPTP client an
> address 3.3.3.3.
>
> My PPTP client has public ip address from his ISP, let it be 9.9.9.9.
>
> My PPTP client will successfully establish PPTP session when he uses
> 1.1.1.1 as the address of PPTP server and everything works.
>
> My PPTP client will successfully establish PPTP session when he uses
> 2.2.2.2 as the address of PPTP server but it can't do anything (he can ping
> an address on the PPTP server itself but it can't ping anything behind,
> and from the PPTP server I can ping PPTP client). To be more precise, the
> traffic from client will reach destination, and destination will reply and
> that packet will reach the PPTP server but it will not forward traffic to
> the client. When I add the static route on PPTP server to 9.9.9.9/32 and
> next-hop to be 2.2.2.2 (ISP2) it will start working.
>
> To me it looks like a bug or this is not a valid setup what I am trying
> to do but I could not find anyone with similar problem.
>
> On Sat, Feb 27, 2016 at 5:58 AM, Arie Vayner <[email protected]> wrote:
>
>> What most likely happens is that ISP1 is using uRPF on their side, so
>> when you source traffic to the Internet with the source IP of ISP2's
>> assignment through ISP1's interface, they drop your upstream traffic.
>> (I am not 100% sure which direction you meant as receive and transmit...
>> From the point of view of the router or the vpn user, but what I described
>> would cause traffic from the user to reach the router, but return traffic
>> would fail...)
>>
>> Arie
>>
>> On Fri, Feb 26, 2016 at 8:32 AM Matthew Huff <[email protected]> wrote:
>>
>>> First,
>>>
>>> Why are you using PPTP and not either SSL VPN or IPSEC VPN? PPTP uses
>>> ancient crypto and has been severely deprecated. Policy routing also has a
>>> lot of issues, including punting from CEF into CPU routing. Avoid it if you
>>> can. If you have higher metrics, why do you need it?
>>>
>>> ----
>>> Matthew Huff | 1 Manhattanville Rd
>>> Director of Operations | Purchase, NY 10577
>>> OTA Management LLC | Phone: 914-460-4039
>>> aim: matthewbhuff | Fax: 914-694-5669
>>>
>>> > -----Original Message-----
>>> > From: cisco-nsp [mailto:[email protected]] On Behalf Of
>>> > Pavel Dimow
>>> > Sent: Friday, February 26, 2016 11:02 AM
>>> > To: [email protected]
>>> > Subject: Re: [c-nsp] Cisco pptp server
>>> >
>>> > Anyone? :)
>>> >
>>> > On Thu, Feb 25, 2016 at 11:32 PM, Pavel Dimow <[email protected]>
>>> > wrote:
>>> >
>>> > > Hi,
>>> > >
>>> > > I have a very strange problem (well at least to me).
>>> > >
>>> > > I have a cisco 1921 which serves as PPTP server. On server I have two
>>> > > different ISP's connections, ISP1 and ISP2. I have a default route to
>>> > > ISP1 and default route to ISP2 with tracking and higher metric. I have
>>> > > configured local policy routing so I always send PPTP packets to the
>>> > > correct ISP.
>>> > >
>>> > > Now when I connect from client to PPTP server and in server address I
>>> > > enter the ip address of interface where ISP1 is terminated everything
>>> > > works.
>>> > > But when I connect from client to PPTP server and in server
>>> > > address I enter the ip address of interface where ISP2 is terminated
>>> > > the session is established but I can't do anything as I see only my
>>> > > outgoing traffic and no incoming traffic via PPTP tunnel. The funny
>>> > > part is that, when I enter the static route on PPTP server (the public
>>> > > ip address of PPTP client) everything works. Is this normal behaviour?
>>> > >
>>> > > If anyone can shed a light on this I would be very grateful ;)
>>> > >
>>> > _______________________________________________
>>> > cisco-nsp mailing list [email protected]
>>> > https://puck.nether.net/mailman/listinfo/cisco-nsp
>>> > archive at http://puck.nether.net/pipermail/cisco-nsp/
