Solved

opening ports for rras on watchguard router

Posted on 2009-03-30
Last Modified: 2012-05-06
Hi

I have to open ports on the WatchGuard router to be able to VPN from outside of the network. I have already set up the VPN on the server.

Does anyone know how to accomplish this task?
Question by:ashjuv
5 Comments
 
LVL 10

Expert Comment

by:Darylx
ID: 24026795
Open Policy Manager and click the '+' icon to 'Add Service'. Expand Packet Filters. Select either IPSEC or PPTP (depending on your RRAS settings), then click the Add button. You can give the service a name but the default will be OK; click OK.

On the 'Incoming tab' select "Enabled and Allowed" in the drop-down box.  Leave the 'From' (source) address as Any unless you want to restrict access to certain IPs.  In the 'To' (destination) box, click the Add button, click Add Other, select Host address and enter the IP address of the RRAS server.

Save the configuration to the Watchguard.
 
LVL 32

Expert Comment

by:dpk_wal
ID: 24027020
Please note if you are configuring PPTP then you must configure 1-1 NAT.

Please provide some details on VPN type and the version of WG Software and model.

Thank you.
 
LVL 32

Expert Comment

by:Kamran Arshad
ID: 24027220
 

Author Comment

by:ashjuv
ID: 24109422
Hi Guys

I got behind on this a fair bit.
Anyway, I am looking at the WatchGuard interface now, and configuring the service for it.
I need the following info:

- Protocol service - specified port 1723

- Incoming filter - allow ?
- service host - ?
- from - any?

Outgoing filter - ?
from - ?
to -  ?

 
LVL 32

Accepted Solution

by:
dpk_wal earned 500 total points
ID: 24113849
You should use the packet filter service PPTP, which not only has TCP/1723 but also protocol 47 [for GRE]; as I said in my earlier post, you would need 1-1 NAT configured.

I think you are running version 7.x of WG software, configure 1-1 NAT as below:
In Policy Manager go to:
1. Setup->NAT->Advanced->1-to-1 NAT Setup; Enable 1-to-1 NAT; click Add; Interface leave on to External; Number of hosts leave on to 1; NAT base (provide public IP here), Real base (provide internal IP of the server here). Click OK.
2. Go to Dynamic NAT Exceptions tab, click Add; in From, specify private IP of machine, in To select External from drop-down. Click OK all the way back to Policy Manager.

The service would be configured as:
Incoming "Enabled and Allowed"; from ANY [or specific host/subnet IP]; to 1-1-NAT-public-ip
Outgoing "enabled and allowed"; from ANY; to ANY [you can leave this default or restrict just the server to be able to send traffic out]

Thank you.
