CesarGon asked:

Access to a PPTP server beyond firewall

Hello.

We have a PPTP server in our office connected to an internal LAN with DHCP-based non-routable IP addresses. We want to access this server (also with a non-routable IP address) from the outside but our firewall (which has a WAN-side fixed IP address) is in the middle. How should I configure the firewall? Is it possible to access the PPTP server without a fixed IP address?

Thanks.

SysExpert

Not easily.
You will at least need to know the IP address at the time you connect.

DHCP can be set to keep address leases for weeks or more, so that you have almost a fixed IP on the private LAN.

You will need to configure your firewall to allow access. Check the firewall documents on this.

http://www.practicallynetworked.com/support/VPN_help.htm VPN help routers

I hope this helps !

Shep

Give more details on the "our firewall (which has a WAN-side fixed IP address)".

If:
hardware - make / model
software - make - version

Shep

CesarGon (ASKER)

Thanks SysExpert and Shep.

Our firewall is a hardware device: "3Com OfficeConnect Internet Firewall 25". It has an external IP address assigned by our access provider using DHCP, but the leases are long so we can get it and it will stay for weeks, so it's practically usable.

I might configure the firewall to let VPN traffic get in, but then, which IP address should I give to my client machine at home to connect to: that of the firewall or that of the VPN server inside our private LAN? I guess that the first answer is correct. But then, how would our firewall know that incoming VPN traffic should be routed to our VPN server inside the LAN?

Kind regards,
Cesar.

You need to tell the firewall to forward VPN traffic to your VPN server.
Check the 3com manual and site for info on how to do this.

Also make sure you have the latest firmware for your 3com firewall !

Check the http://www.practicallynetworked.com/
site for more helpful info !!

I hope this helps !

Thanks, SysExpert. I'll have a look at that web site. Also, I've got the "Designing a Secure Microsoft Windows 2000 Network" book, which seems to discuss that topic at length. Also, I've checked the 3Com web site and it seems that our firewall does not support port redirection on incoming data.

I'll let you know about my progress.

There is a "VPN Upgrade" available for the OfficeConnect family firewalls:
http://support.3com.com/software/officeconnect_internetfirewall.htm

klover, now that's a rich answer you have...

Just avoid cut'n'paste and the error will not occur...

that would explain a few posts of my own

sounds like there better be an upgrade soon

IE6 problem?

I'm sorry, haven't been here in a while. Did not mean to post an answer. I was trying to suggest a Zyxel 642 router which has easy port forwarding and a dynamic DNS feature. It registers its IP with a dynamic DNS service each time it changes, so you can always hit myhost.whatever.com.

Thanks for the note, AvonWyss. We know of the VPN upgrade, but we were trying to solve the problem without putting more money into it.

ASKER CERTIFIED SOLUTION
Mindphaser
