Solved

opening ports for rras on watchguard router

Posted on 2009-03-30
5
525 Views
Last Modified: 2012-05-06
Hi

I have to open ports on the watchguard router to be able to vpn from outside of the network. I have already setup the vpn on the server.

Does anyone know how to accomplish this task..
0
Comment
Question by:ashjuv
5 Comments
 
LVL 10

Expert Comment

by:Darylx
ID: 24026795
Open Policy Manager, Click the '+' icon to 'Add Service'.  Expand Packet Filters.  Select either IPSEC or PPTP (depending on your RRAS settings) then click the Add button.  You can give the service a name but the default will be ok, click OK.

On the 'Incoming tab' select "Enabled and Allowed" in the drop-down box.  Leave the 'From' (source) address as Any unless you want to restrict access to certain IPs.  In the 'To' (destination) box, click the Add button, click Add Other, select Host address and enter the IP address of the RRAS server.

Save the configuration to the Watchguard.
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 24027020
Please note if you are configuring PPTP then you must configure 1-1 NAT.

Please provide some details on VPN type and the version of WG Software and model.

Thank you.
0
 
LVL 32

Expert Comment

by:Kamran Arshad
ID: 24027220
0
 

Author Comment

by:ashjuv
ID: 24109422
Hi Guys

I got behind on this a fair bit.
Anyway, I am looking at the watch guard interface now, and configuring a the service for it.
 I need the following info

- Protocol service - specified port 1723

- Incoming fileter - allow ?
- service host - ?
- from - any?

Outgoing filter - ?
from - ?
to -  ?

0
 
LVL 32

Accepted Solution

by:
dpk_wal earned 500 total points
ID: 24113849
You should use the packet filter service PPTP which not has TCP/1723 but also protocol 47 [for GRE]; as I said in my earlier post you would need 1-1 NAT configured.

I think you are running version 7.x of WG software, configure 1-1 NAT as below:
In Policy Manager go to:
1. Setup->NAT->Advanced->1-to-1 NAT Setup; Enable 1-to-1 NAT; click Add; Interface leave on to External; Number of hosts leave on to 1; NAT base (provide public IP here), Real base (provide internal IP of the server here). click OK.
2. Go to Dynamic NAT Exceptions tab, click Add; in From, specify private IP of machine, in To select External from drop-down. Click OK all the way back to Policy Manager.

The service would be configured as:
Incoming "Enabled and Allowed"; from ANY [or specific host/subnet IP]; to 1-1-NAT-public-ip
Outgoing "enabled and allowed"; from ANY; to ANY [you can leave this default or restrict just the server to be able to send traffic out]

Thank you.
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
AD Replications issues 12 86
AnyConnect - VPN server list 2 50
Cisco Router help 5 53
domain controller migration seems succesful, however.... 9 60
There are two basic ways to configure a static route for Cisco IOS devices. I've written this article to highlight a case study comparing the configuration of a static route using the next-hop IP and the configuration of a static route using an outg…
In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now