PPTP won't pass through ISA2004 + Firebox X Edge

Posted on 2007-03-29
Last Modified: 2013-11-16
I'm having trouble getting PPTP traffic to pass through a Watchguard Firebox X Edge (on the remote side) and ISA 2004 (on my side) to a Windows 2003 RRAS box.

I can connect fine if I bypass the ISA server on my side, and similarly I can connect successfully through the ISA to many other PPTP VPN servers (including ones that are behind other Watchguards...).

It seems this particular combination of Watchguard and ISA 2004 doesn't pass PPTP through. I get error 691 on the VPN client and the Watchguard logs "deny in eth0 40 tcp 20 237 <ISA 2004 IP> <VPN internal IP> 40392 1723 ack rst (Non-est TCP)"

An extensive search of the web has shown a number of people with this issue on various combinations of firewalls...only changing the firewall at one end appears to help but I'd rather avoid that.

Any ideas?
Question by:nigelmh

Accepted Solution

by:
Rick Hobbs earned 750 total points
ID: 18827331
Your only option is to see if there is updated software for the Watchguard. Some combinations just do not work and if you work out the number of hours you spend trying to fix it by your hourly rate you will probably find it is a lot cheaper to replace it than continue to fight it. I would still check the software update first. Sometimes it is a known problem that is addressed in an update. You could also call Watchguard as they may know about the problem and have a non-public fix for it.

Author Comment

by:nigelmh
ID: 18828062
You're right, Rick. It wouldn't be so bad if the Watchguard didn't insist on using Watchguard's own VPN client to connect to it, but 'no client software deployment' is an absolute requirement in this case, so I can't go to the Watchguard and now I can't go through it!

I'm thinking of replacing it with a Checkpoint Safe@Office. I'm just hoping that won't break the two s2s vpn tunnels connecting it to their other offices...