WordPress is the web's most popular CMS, but its dominance also makes it a target for attackers. Our eBook will show you how to:
Prevent costly exploits of core and plugin vulnerabilities
Repel automated attacks
Lock down your dashboard, secure your code, and protect your users
Course Of The Month
9 days, 9 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
VPN client through SG 203 firewall to windows server
Posted on 2004-09-21
Hi,
We currently have a sonicwall firewall on our network which is forwarding PPTP (port 1723) requests to a local Windows 2000 Remote Access server. This is allowing clients to create a VPN connection through the firewall to the server. This appears to be the only rule on the firewall relating to VPN's.
We are trying to swap this firewall with an Avaya SG 203 firewall - I have replaced the sonicwall and set the 203 up in exactly the same way (same ip addresses, port forwarding rules etc). However when I try to connect a VPN client, it gets as far as verifying username and password and then fails with error 628 (the client is windows 98).
Any idea what I'm doing wrong?
Thanks in advance,
Edd
We currently have a sonicwall firewall on our network which is forwarding PPTP (port 1723) requests to a local Windows 2000 Remote Access server. This is allowing clients to create a VPN connection through the firewall to the server. This appears to be the only rule on the firewall relating to VPN's.
We are trying to swap this firewall with an Avaya SG 203 firewall - I have replaced the sonicwall and set the 203 up in exactly the same way (same ip addresses, port forwarding rules etc). However when I try to connect a VPN client, it gets as far as verifying username and password and then fails with error 628 (the client is windows 98).
Any idea what I'm doing wrong?
Thanks in advance,
Edd
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
4-
4
9 Comments
I just changed from a PIX to a SGS Firwall. In addition to the port forward, on the new firewall I also needed a rule to let it in and a rule to let it back out.
Hmm....I have setup firewall rules to allow pptp in and out, and I've tried turning the firewall security off entirely - still no joy.
If your firewall security is fully off you may have another issue. I would reverify that the VPN works fine internally. As long as it's good inside, it's back to the firewall.
OK, With my small VPN/Firewall appliances, all I do is the port forwarding. With the SGS I had to do the Port Forward, Rule in and out as well as setup a NAT pool. I thought the NAT pool was a little weird, but that's what the SGS required. Also make sure your port is TCP and not UDP. Oh, one more thing, you may have to enable GRE which is TCP Protocol 47. I had to do that on my SGS.
Here is a link to the Port 47 Issue. I would try this first before fooling with NAT pools, etc.
http://support.microsoft.com/?id=241251
OK, With my small VPN/Firewall appliances, all I do is the port forwarding. With the SGS I had to do the Port Forward, Rule in and out as well as setup a NAT pool. I thought the NAT pool was a little weird, but that's what the SGS required. Also make sure your port is TCP and not UDP. Oh, one more thing, you may have to enable GRE which is TCP Protocol 47. I had to do that on my SGS.
Here is a link to the Port 47 Issue. I would try this first before fooling with NAT pools, etc.
http://support.microsoft.com/?id=241251
Ok, I have finally found where to enable custom protocols and have enable GRE and added it to the rules, but still am not getting anywhere.
I can't see any options for NAT pools - what are they for?
I can't see any options for NAT pools - what are they for?
Oh and the VPN works fine with the old firewall, so I'm assuming the problem is not with the VPN server/client.
I believe with the time and effort expended, points should be awarded. If you go to a Doctor or computer store, you still have to pay the doctor or technician for their time and whatever tests. If points were refunded to everyone who got help and then just disappeared, then everyone could get their questions answered and not have to give up points.
I have done this same thing with both SGS and Watchguard firewalls and am sure that is issue is in a NAT pool or one-to-one NAT for his issue. I'll ask for the points as I presented good, logical troublehsooting with some of the suggestions he did use. As for the rest, we might not know or it may have fixed his issue.
I have done this same thing with both SGS and Watchguard firewalls and am sure that is issue is in a NAT pool or one-to-one NAT for his issue. I'll ask for the points as I presented good, logical troublehsooting with some of the suggestions he did use. As for the rest, we might not know or it may have fixed his issue.
Hey,
Sorry, had forgotten all about this. The points are yours. The problem still isn't fixed sadly - any tips on NAT pools?
Ta,
Edd
Sorry, had forgotten all about this. The points are yours. The problem still isn't fixed sadly - any tips on NAT pools?
Ta,
Edd
Thank you, I appreciate that.
With my SGS, I had to create the rule and do port forwarding. I also had to setup a NAT pool to make it work. The pool would not work on the physical IP address of the firewall, so I had to assign it another address. For example, the interface might be 12.108.43.10. I had to assign the VPN Nat Pool .11 and direct all my vpn traffic to that address to make it work.
With the Watchguard, everything is the same, but they use a one to one NAT only for the PPTP. So, I still had to create the rule and do the forwarding, assign a different IP address than the physical one and direct the VPN traffic to that IP. The only difference is the Watchguard has you setup a one to one NAT for the PPTP to use.
Have you looked at the manufacturer's web site or called them about the PPTP?
With my SGS, I had to create the rule and do port forwarding. I also had to setup a NAT pool to make it work. The pool would not work on the physical IP address of the firewall, so I had to assign it another address. For example, the interface might be 12.108.43.10. I had to assign the VPN Nat Pool .11 and direct all my vpn traffic to that address to make it work.
With the Watchguard, everything is the same, but they use a one to one NAT only for the PPTP. So, I still had to create the rule and do the forwarding, assign a different IP address than the physical one and direct the VPN traffic to that IP. The only difference is the Watchguard has you setup a one to one NAT for the PPTP to use.
Have you looked at the manufacturer's web site or called them about the PPTP?
Featured Post
Major incidents and IT service outages cost companies millions. Often the solution to minimizing damage is automated communication. Find out more in our Major Incident Management Communications infographic.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Suggested Solutions
| Title | # Comments | Views | Activity |
|---|---|---|---|
| QoS on Cisco router | 10 | 51 | |
| Outlook PST (cloud) backup | 3 | 77 | |
| Network access | 24 | 49 | |
| external website is | 16 | 28 |
Let’s list some of the technologies that enable smooth teleworking.
If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually.
After setting up a router, find the network security…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses
Course of the Month9 days, 9 hours left to enroll
740 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.