Solved

PPTP won't pass through ISA2004 + Firebox X Edge

Posted on 2007-03-29
Last Modified: 2013-11-16
I'm having trouble getting PPTP traffic to pass through a Watchguard Firebox X Edge (on the remote side) and ISA 2004 (on my side) to a Windows 2003 RRAS box.

I can connect fine if I bypass the ISA server on my side, and similarly I can connect successfully through the ISA to many other PPTP VPN servers (including ones that are behind other Watchguards...).

It seems this particular combination of Watchguard and ISA 2004 doesn't pass PPTP through. I get error 691 on the VPN client and the Watchguard logs "deny in eth0 40 tcp 20 237 <ISA 2004 IP> <VPN internal IP> 40392 1723 ack rst (Non-est TCP)"

An extensive search of the web has shown a number of people with this issue on various combinations of firewalls...only changing the firewall at one end appears to help but I'd rather avoid that.

Any ideas?
Question by:nigelmh
2 Comments
 
LVL 22

Accepted Solution

by:
Rick Hobbs earned 250 total points
ID: 18827331
Your only option is to see if there is updated software for the Watchguard. Some combinations just do not work and if you work out the number of hours you spend trying to fix it by your hourly rate you will probably find it is a lot cheaper to replace it than continue to fight it. I would still check the software update first. Sometimes it is a known problem that is addressed in an update. You could also call Watchguard as they may know about the problem and have a non-public fix for it.
 

Author Comment

by:nigelmh
ID: 18828062
You're right Rick. It wouldn't be so bad if the Watchguard didn't insist on using Watchguard's own VPN client to connect to it, but 'no client software deployment' is an absolute requirement in this case, so I can't go to the Watchguard and now I can't go through it!

I'm thinking of replacing it with a Checkpoint Safe@Office. I'm just hoping that won't break the two s2s vpn tunnels connecting it to their other offices...
Question has a verified solution.
