The Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables the secure transfer of data from a remote client to an enterprise server by creating a VPN across TCP/IP-based data networks. PPTP encapsulates PPP packets into IP datagrams for transmission over the Internet or other public TCP/IP-based networks.
PPTP establishes a tunnel for each communicating PPTP network server (PNS)-PPTP Access Concentrator (PAC) pair. After the tunnel is set up, PPP packets are exchanged using enhanced generic routing encapsulation (GRE). A call ID present in the GRE header indicates the session to which a particular PPP
Network Address Translation (NAT) translates only the IP address and the port number of a PPTP message. Static and dynamic NAT configurations work with PPTP without the requirement of the PPTP application layer gateway (ALG). However, Port Address Translation (PAT) configuration requires the PPTP ALG to parse the PPTP header and facilitate the translation of call IDs in PPTP control packets. NAT then parses the GRE header and translates call IDs for PPTP data sessions. The PPTP ALG does not translate any embedded IP address in the PPTP payload. The PPTP ALG is enabled by default when NAT is configured.
NAT recognizes PPTP packets that arrive on the default TCP port, 1723, and invokes the PPTP ALG to parse control packets. NAT translates the call ID parsed by the PPTP ALG by assigning a global address or port number. Based on the client and server call IDs, NAT creates two doors at the request of the PPTP ALG. (A door is created when there is insufficient information to create a complete NAT-session entry. A door contains information about the source IP address and the destination IP address and port.) Two NAT sessions are created (one with the server call ID and the other with the client call ID) for two-way data communication between the client and server. NAT translates the GRE packet header for data packets that comply with RFC 2673.
PPTP is a TCP-based protocol. Therefore, when NAT recognizes a TCP packet as a PPTP packet, it invokes the PPTP ALG parse-callback function. The PPTP ALG fetches the embedded call ID from the PPTP header and creates a translation token for the header. The PPTP ALG also creates data channels for related GRE tunnels. After ALG parsing, NAT processes the tokens created by the ALG.
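The call-ID handling described above, as an added example (not code from the original page and not the vendor's implementation): it rewrites the Call ID in a PPTP Outgoing-Call-Request control message and in the enhanced GRE header of a data packet. The function names, the call-ID map and the sample packets are constructed for illustration; field offsets follow the PPTP specification.

```python
import struct

MAGIC_COOKIE = 0x1A2B3C4D   # PPTP control-message magic cookie (RFC 2637)
OUT_CALL_REQUEST = 7        # Outgoing-Call-Request control message type
GRE_PROTO_PPP = 0x880B      # enhanced GRE protocol type carrying PPP

def rewrite_control_call_id(payload, call_id_map):
    """Rewrite the Call ID of an Outgoing-Call-Request (TCP port 1723 payload).

    Returns (new_payload, (old_id, new_id)); other message types pass through.
    """
    if len(payload) < 14:
        raise ValueError("truncated PPTP control message")
    length, msg_type, cookie, ctrl_type, _ = struct.unpack_from("!HHIHH", payload)
    if msg_type != 1 or cookie != MAGIC_COOKIE or length > len(payload):
        raise ValueError("not a valid PPTP control message")
    if ctrl_type != OUT_CALL_REQUEST:
        return payload, None
    (old_id,) = struct.unpack_from("!H", payload, 12)  # Call ID follows the header
    out = bytearray(payload)
    struct.pack_into("!H", out, 12, call_id_map[old_id])
    return bytes(out), (old_id, call_id_map[old_id])

def rewrite_gre_call_id(packet, call_id_map):
    """Rewrite the Call ID in an enhanced GRE header (IP protocol 47 payload)."""
    if len(packet) < 8:
        raise ValueError("truncated GRE header")
    flags, proto, _payload_len, call_id = struct.unpack_from("!HHHH", packet)
    # PPTP data packets set the K (key present) bit, version 1, protocol 0x880B.
    if not (flags & 0x2000) or (flags & 0x0007) != 1 or proto != GRE_PROTO_PPP:
        raise ValueError("not a PPTP enhanced GRE packet")
    out = bytearray(packet)
    struct.pack_into("!H", out, 6, call_id_map[call_id])
    return bytes(out)

# Constructed sample: 168-byte Outgoing-Call-Request, client Call ID 1.
SAMPLE_OCRQ = (struct.pack("!HHIHH", 168, 1, MAGIC_COOKIE, OUT_CALL_REQUEST, 0)
               + struct.pack("!HH", 1, 7) + bytes(152))
# Constructed sample: server-to-client GRE packet addressed to global Call ID 0x4E21.
SAMPLE_GRE = (struct.pack("!HHHHI", 0x3001, GRE_PROTO_PPP, 4, 0x4E21, 0)
              + b"\xff\x03\xc0\x21")

if __name__ == "__main__":
    translated, pair = rewrite_control_call_id(SAMPLE_OCRQ, {1: 0x4E21})
    print("control Call ID %d -> %d" % pair)
    inbound = rewrite_gre_call_id(SAMPLE_GRE, {0x4E21: 1})
    print("GRE Call ID now", struct.unpack_from("!H", inbound, 6)[0])
```

A real translator also has to recompute the TCP checksum after editing the control payload; the enhanced GRE header used by PPTP carries no checksum.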