Solved

Opening ports for RRAS on WatchGuard router

Posted on 2009-03-30
Last Modified: 2012-05-06
Hi

I have to open ports on the WatchGuard router to be able to VPN from outside of the network. I have already set up the VPN on the server.

Does anyone know how to accomplish this task?
0
Question by:ashjuv
5 Comments
 
LVL 10

Expert Comment

by:Darylx
Open Policy Manager, click the '+' icon to 'Add Service'.  Expand Packet Filters.  Select either IPSEC or PPTP (depending on your RRAS settings) then click the Add button.  You can give the service a name but the default will be OK; click OK.

On the 'Incoming tab' select "Enabled and Allowed" in the drop-down box.  Leave the 'From' (source) address as Any unless you want to restrict access to certain IPs.  In the 'To' (destination) box, click the Add button, click Add Other, select Host address and enter the IP address of the RRAS server.

Save the configuration to the WatchGuard.
0
 
LVL 32

Expert Comment

by:dpk_wal
Please note if you are configuring PPTP then you must configure 1-1 NAT.

Please provide some details on VPN type and the version of WG Software and model.

Thank you.
0
 
LVL 32

Expert Comment

by:Kamran Arshad
0
 

Author Comment

by:ashjuv
Hi Guys

I got behind on this a fair bit.
Anyway, I am looking at the WatchGuard interface now, and configuring the service for it.
I need the following info:

- Protocol service - specified port 1723

- Incoming filter - allow ?
- service host - ?
- from - any?

Outgoing filter - ?
from - ?
to -  ?

0
 
LVL 32

Accepted Solution

by:
dpk_wal earned 500 total points
You should use the packet filter service PPTP, which has not only TCP/1723 but also protocol 47 [for GRE]; as I said in my earlier post, you would need 1-1 NAT configured.

I think you are running version 7.x of WG software, configure 1-1 NAT as below:
In Policy Manager go to:
1. Setup->NAT->Advanced->1-to-1 NAT Setup; Enable 1-to-1 NAT; click Add; Interface leave on to External; Number of hosts leave on to 1; NAT base (provide public IP here), Real base (provide internal IP of the server here). Click OK.
2. Go to Dynamic NAT Exceptions tab, click Add; in From, specify private IP of machine, in To select External from drop-down. Click OK all the way back to Policy Manager.

The service would be configured as:
Incoming "Enabled and Allowed"; from ANY [or specific host/subnet IP]; to 1-1-NAT-public-ip
Outgoing "enabled and allowed"; from ANY; to ANY [you can leave this default or restrict just the server to be able to send traffic out]

Thank you.
0
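
The accepted answer's point that PPTP needs both TCP/1723 and IP protocol 47 (GRE) can be checked on the RRAS server side. The following is an added example, not part of the original thread: it reads raw IPv4 packets (constructed sample bytes here; the addresses and function names are assumptions) and reports clients whose control connection arrives without any GRE, which is what a firewall rule that passes only the port looks like.

```python
import socket
import struct
from collections import defaultdict

PPTP_TCP_PORT = 1723               # PPTP control connection
IPPROTO_TCP, IPPROTO_GRE = 6, 47   # GRE (protocol 47) carries the tunnelled data

def classify(packet):
    """Return (source_ip, 'control' | 'gre') for a PPTP-related IPv4 packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4   # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return None
    src = socket.inet_ntoa(packet[12:16])
    if packet[9] == IPPROTO_GRE:
        return src, "gre"
    if packet[9] == IPPROTO_TCP and len(packet) >= ihl + 4:
        (dport,) = struct.unpack("!H", packet[ihl + 2:ihl + 4])
        if dport == PPTP_TCP_PORT:
            return src, "control"
    return None

def pptp_passthrough_report(packets):
    """Map each client IP to 'ok', 'gre-missing' or 'gre-only'."""
    seen = defaultdict(set)
    for pkt in packets:
        hit = classify(pkt)
        if hit:
            seen[hit[0]].add(hit[1])
    labels = {frozenset({"control", "gre"}): "ok",
              frozenset({"control"}): "gre-missing",
              frozenset({"gre"}): "gre-only"}
    return {src: labels[frozenset(kinds)] for src, kinds in seen.items()}

def _ipv4(src, dst, proto, payload):
    # Constructed 20-byte header; checksum left at zero because nothing here verifies it.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + payload

def _tcp_syn(dport):
    return struct.pack("!HHIIBBHHH", 50000, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)

RRAS = "192.168.1.10"  # hypothetical internal address of the RRAS server
SAMPLE = [             # constructed packets as they would arrive at the server
    _ipv4("198.51.100.7", RRAS, IPPROTO_TCP, _tcp_syn(1723)),
    _ipv4("198.51.100.7", RRAS, IPPROTO_GRE, b"\x30\x01\x88\x0b"),  # enhanced GRE, PPP
    _ipv4("203.0.113.9", RRAS, IPPROTO_TCP, _tcp_syn(1723)),
    _ipv4("203.0.113.9", RRAS, IPPROTO_TCP, _tcp_syn(443)),         # unrelated traffic
]
```

A client reported as `gre-missing` reached the control port but no protocol 47 traffic from it arrived at the server, so the PPTP packet filter and 1-1 NAT described in the accepted answer are the first things to recheck.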
