Solved

PPTP won't pass through ISA2004 + Firebox X Edge

Posted on 2007-03-29
Last Modified: 2013-11-16
I'm having trouble getting PPTP traffic to pass through a Watchguard Firebox X Edge (on the remote side) and ISA 2004 (on my side) to a Windows 2003 RRAS box.

I can connect fine if I bypass the ISA server on my side, and similarly I can connect successfully through the ISA to many other PPTP VPN servers (including ones that are behind other Watchguards...).

It seems this particular combination of Watchguard and ISA 2004 doesn't pass PPTP through. I get error 691 on the VPN client and the Watchguard logs "deny in eth0 40 tcp 20 237 <ISA 2004 IP> <VPN internal IP> 40392 1723 ack rst (Non-est TCP)".

An extensive search of the web has shown a number of people with this issue on various combinations of firewalls... Only changing the firewall at one end appears to help, but I'd rather avoid that.

Any ideas?
Question by:nigelmh
2 Comments
 

Accepted Solution

by:
Rick Hobbs earned 250 total points
ID: 18827331
Your only option is to see if there is updated software for the Watchguard. Some combinations just do not work, and if you work out the number of hours you spend trying to fix it by your hourly rate, you will probably find it is a lot cheaper to replace it than continue to fight it. I would still check the software update first. Sometimes it is a known problem that is addressed in an update. You could also call Watchguard, as they may know about the problem and have a non-public fix for it.
 

Author Comment

by:nigelmh
ID: 18828062
You're right Rick. It wouldn't be so bad if the Watchguard didn't insist on using Watchguard's own VPN client to connect to it, but 'no client software deployment' is an absolute requirement in this case, so I can't go to the Watchguard and now I can't go through it!

I'm thinking of replacing it with a Checkpoint Safe@Office. I'm just hoping that won't break the two s2s vpn tunnels connecting it to their other offices...