Access to a PPTP server beyond firewall

CesarGon asked:
Hello.

We have a PPTP server in our office connected to an internal LAN with DHCP-based non-routable IP addresses. We want to access this server (also with a non-routable IP address) from the outside but our firewall (which has a WAN-side fixed IP address) is in the middle. How should I configure the firewall? Is it possible to access the PPTP server without a fixed IP address?

Thanks.

CERTIFIED EXPERT
Top Expert 2007

Commented:
Not easily.
You will at least need to know the IP address at the time you connect.

DHCP can be set to keep address leases for weeks or more, so that you have almost a fixed IP on the private LAN.

You will need to configure your firewall to allow access. Check the firewall documents on this.

http://www.practicallynetworked.com/support/VPN_help.htm VPN help routers

I hope this helps !

Commented:
Give more details on the "our firewall (which has a WAN-side fixed IP address)".

If
hardware - make / model
software - make - version

Shep

Author

Commented:
Thanks SysExpert and Shep.

Our firewall is a hardware device: "3Com OfficeConnect Internet Firewall 25". It has an external IP address assigned by our access provider using DHCP, but the leases are long so we can get it and it will stay for weeks, so it's practically usable.

I might configure the firewall to let VPN traffic get in, but then, which IP address should I give to my client machine at home to connect to: that of the firewall or that of the VPN server inside our private LAN? I guess that the first answer is correct. But then, how would our firewall know that incoming VPN traffic should be routed to our VPN server inside the LAN?

Kind regards,
Cesar.
CERTIFIED EXPERT
Top Expert 2007

Commented:
You need to tell the firewall to forward VPN traffic to your VPN server.
Check the 3com manual and site for info on how to do this.

Also make sure you have the latest firmware for your 3com firewall !

Check the http://www.practicallynetworked.com/ site for more helpful info !!

I hope this helps !

Author

Commented:
Thanks, SysExpert. I'll have a look at that web site. Also, I've got the "Designing a Secure Microsoft Windows 2000 Network" book, which seems to discuss that topic at length. Also, I've checked the 3Com web site and it seems that our firewall does not support port redirection on incoming data.

I'll let you know about my progress.

Commented:
There is a "VPN Upgrade" available for the OfficeConnect family firewalls:
http://support.3com.com/software/officeconnect_internetfirewall.htm

Commented:
klover, now that's a rich answer you have...
Just avoid cut'n'paste and the error will not occur...

Commented:
that would explain a few posts of my own

Commented:
sounds like there better be an upgrade soon

Commented:
IE6 problem?

Commented:
I'm sorry, haven't been here in a while. Did not mean to post an answer. I was trying to suggest a Zyxel 642 router which has easy port forwarding and a dynamic DNS feature. It registers its IP with a dynamic DNS service each time it changes, so you can always hit myhost.whatever.com.

Author

Commented:
Thanks for the note, AvonWyss. We know of the VPN upgrade, but we were trying to solve the problem without putting more money into it.

Points refunded and moved to PAQ

** Mindphaser - Community Support Moderator **
