PPTP won't pass through ISA2004 + Firebox X Edge
Posted on 2007-03-29
I'm having trouble getting PPTP traffic to pass through a Watchguard Firebox X Edge (on the remote side) and ISA 2004 (on my side) to a Windows 2003 RRAS box.
I can connect fine if I bypass the ISA server on my side, and similarly I can connect successfully through the ISA to many other PPTP VPN servers (including ones that are behind other Watchguards...).
It seems this particular combination of Watchguard and ISA 2004 doesn't pass PPTP through. I get error 691 on the VPN client, and the Watchguard logs "deny in eth0 40 tcp 20 237 <ISA 2004 IP> <VPN internal IP> 40392 1723 ack rst (Non-est TCP)".
An extensive search of the web has shown a number of people with this issue on various combinations of firewalls. Only changing the firewall at one end appears to help, but I'd rather avoid that.