Solved

opening ports for rras on watchguard router

Posted on 2009-03-30
Last Modified: 2012-05-06
Hi

I have to open ports on the WatchGuard router to be able to VPN from outside of the network. I have already set up the VPN on the server.

Does anyone know how to accomplish this task?
Question by:ashjuv
5 Comments
 
LVL 10

Expert Comment

by:Darylx
ID: 24026795
Open Policy Manager, Click the '+' icon to 'Add Service'.  Expand Packet Filters.  Select either IPSEC or PPTP (depending on your RRAS settings) then click the Add button.  You can give the service a name but the default will be ok, click OK.

On the 'Incoming tab' select "Enabled and Allowed" in the drop-down box.  Leave the 'From' (source) address as Any unless you want to restrict access to certain IPs.  In the 'To' (destination) box, click the Add button, click Add Other, select Host address and enter the IP address of the RRAS server.

Save the configuration to the Watchguard.
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 24027020
Please note if you are configuring PPTP then you must configure 1-1 NAT.

Please provide some details on VPN type and the version of WG Software and model.

Thank you.
0
 
LVL 32

Expert Comment

by:Kamran Arshad
ID: 24027220
0
 

Author Comment

by:ashjuv
ID: 24109422
Hi Guys

I got behind on this a fair bit.
Anyway, I am looking at the WatchGuard interface now, and configuring the service for it.
I need the following info:

- Protocol service - specified port 1723

- Incoming filter - allow ?
- service host - ?
- from - any?

Outgoing filter - ?
from - ?
to -  ?

0
 
LVL 32

Accepted Solution

by:
dpk_wal earned 500 total points
ID: 24113849
You should use the packet filter service PPTP, which not only has TCP/1723 but also protocol 47 [for GRE]; as I said in my earlier post, you would need 1-1 NAT configured.

I think you are running version 7.x of WG software, configure 1-1 NAT as below:
In Policy Manager go to:
1. Setup->NAT->Advanced->1-to-1 NAT Setup; Enable 1-to-1 NAT; click Add; Interface leave on to External; Number of hosts leave on to 1; NAT base (provide public IP here), Real base (provide internal IP of the server here). click OK.
2. Go to Dynamic NAT Exceptions tab, click Add; in From, specify private IP of machine, in To select External from drop-down. Click OK all the way back to Policy Manager.

The service would be configured as:
Incoming "Enabled and Allowed"; from ANY [or specific host/subnet IP]; to 1-1-NAT-public-ip
Outgoing "enabled and allowed"; from ANY; to ANY [you can leave this default or restrict just the server to be able to send traffic out]

Thank you.
0
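An added example, not part of the thread: a check that tells a port-only rule (TCP/1723 passes, GRE does not) apart from a complete PPTP pass-through, by classifying raw IPv4 packets captured on the RRAS server side of the firewall. The function names, the assumption that packets start at the IPv4 header, and the sample packets with documentation-range addresses are all constructed for illustration.

```python
import socket
import struct

PPTP_PORT = 1723            # PPTP control channel (TCP), as named in the thread
PROTO_TCP, PROTO_GRE = 6, 47

def classify(packet: bytes) -> str:
    """Return 'pptp-control', 'gre' or 'other' for one raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "other"
    ihl = (packet[0] & 0x0F) * 4            # IPv4 header length in bytes
    proto = packet[9]                       # IPv4 protocol field
    if proto == PROTO_GRE:
        return "gre"
    if proto == PROTO_TCP and len(packet) >= ihl + 4:
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        if PPTP_PORT in (sport, dport):
            return "pptp-control"
    return "other"

def diagnose(packets) -> str:
    """Say which half of PPTP reached the capture point."""
    kinds = {classify(p) for p in packets}
    if {"pptp-control", "gre"} <= kinds:
        return "ok"
    if "pptp-control" in kinds:
        return "gre-missing"        # TCP/1723 passes, protocol 47 does not
    if "gre" in kinds:
        return "control-missing"
    return "no-pptp"

def ipv4(proto: int, payload: bytes) -> bytes:
    """Build a constructed IPv4 packet (checksum left at 0, documentation IPs)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton("203.0.113.10"),
                      socket.inet_aton("192.0.2.20"))
    return hdr + payload

# Constructed samples: a TCP SYN to port 1723 and a GRE packet (version 1, type 0x880B)
SYN_1723 = ipv4(PROTO_TCP, struct.pack("!HHIIBBHHH", 49152, PPTP_PORT,
                                       1, 0, 0x50, 0x02, 8192, 0, 0))
GRE_DATA = ipv4(PROTO_GRE, bytes.fromhex("3001880b") + bytes(8))

if __name__ == "__main__":
    print(diagnose([SYN_1723]))             # what a port-1723-only rule lets through
    print(diagnose([SYN_1723, GRE_DATA]))   # what the PPTP packet filter lets through
```

A "gre-missing" result on a real capture means the control connection is reaching the server but the tunnel traffic is not, which is the case the PPTP packet filter service covers and a custom TCP/1723 service does not.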
