?
Solved

PPTP won't pass through ISA2004 + Firebox X Edge

Posted on 2007-03-29
2
Medium Priority
?
1,224 Views
Last Modified: 2013-11-16
I'm having trouble getting PPTP traffic to pass through a Watchguard Firebox X Edge (on the remote side) and ISA 2004 (on my side) to a Windows 2003 RRAS box.

I can connect fine if I bypass the ISA server on my side, and similarly I can connect successfully through the ISA to many other PPTP VPN servers (including ones that are behind other Watchguards...).

It seems this particular combination of Watchguard and ISA 2004 doesn't pass PPTP through. I get error 691 on the VPN client and the Watchguard logs "deny in eth0 40 tcp 20 237 <ISA 2004 IP> <VPN internal IP> 40392 1723 ack rst (Non-est TCP)"

An extensive search of the web has shown a number of people with this issue on various combinations of firewalls...only changing the firewall at one end appears to help but I'd rather avoid that.

Any ideas?
0
Comment
Question by:nigelmh
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 22

Accepted Solution

by:
Rick Hobbs earned 750 total points
ID: 18827331
Your only option is to see if there is updated software for the Watchguard.  Some combinations just do not work and if you work out the number of hours you spend trying to fix it by your hourly rate you will probably find it is a lot cheaper to replace it than continue to fight it.   I would still check the software update first.  Sometimes it is a known problem that is addressed in an update.  You could also call Watchguard as they may know about the problem and have a non-public fix for it.
0
 

Author Comment

by:nigelmh
ID: 18828062
You're right Rick. It wouldn't be so bad if the Watchguard didn't insist on using Watchguard's own VPN client to connect to it, but 'no client software deployment' is an absolute requirement in this case, so I can't go to the Watchguard and now I can't go through it!

I'm thinking of replacing it with a Checkpoint Safe@Office. I'm just hoping that won't break the two s2s vpn tunnels connecting it to their other offices...
0

Featured Post

Don't Cry: How Liquid Web is Ensuring Security

WannaCry is just the start. Read how Liquid Web is protecting itself and its customers against new threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This program is used to assist in finding and resolving common problems with wireless connections.
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question