Solved

Opening ports for RRAS on WatchGuard router

Posted on 2009-03-30
Last Modified: 2012-05-06
Hi

I have to open ports on the WatchGuard router to be able to VPN from outside of the network. I have already set up the VPN on the server.

Does anyone know how to accomplish this task?
Question by:ashjuv
5 Comments
 
LVL 10

Expert Comment

by:Darylx
ID: 24026795
Open Policy Manager, click the '+' icon to 'Add Service'.  Expand Packet Filters.  Select either IPSEC or PPTP (depending on your RRAS settings), then click the Add button.  You can give the service a name but the default will be OK; click OK.

On the 'Incoming' tab, select "Enabled and Allowed" in the drop-down box.  Leave the 'From' (source) address as Any unless you want to restrict access to certain IPs.  In the 'To' (destination) box, click the Add button, click Add Other, select Host address and enter the IP address of the RRAS server.

Save the configuration to the WatchGuard.
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 24027020
Please note if you are configuring PPTP then you must configure 1-1 NAT.

Please provide some details on VPN type and the version of WG Software and model.

Thank you.
0
 
LVL 32

Expert Comment

by:Kamran Arshad
ID: 24027220
0
 

Author Comment

by:ashjuv
ID: 24109422
Hi Guys

I got behind on this a fair bit.
Anyway, I am looking at the WatchGuard interface now, and configuring the service for it.
I need the following info:

- Protocol service - specified port 1723

- Incoming filter - allow ?
- service host - ?
- from - any?

Outgoing filter - ?
from - ?
to - ?

0
 
LVL 32

Accepted Solution

by:
dpk_wal earned 2000 total points
ID: 24113849
You should use the packet filter service PPTP, which has not only TCP/1723 but also protocol 47 [for GRE]; as I said in my earlier post, you would need 1-1 NAT configured.

I think you are running version 7.x of WG software, configure 1-1 NAT as below:
In Policy Manager go to:
1. Setup->NAT->Advanced->1-to-1 NAT Setup; Enable 1-to-1 NAT; click Add; Interface leave on to External; Number of hosts leave on to 1; NAT base (provide public IP here), Real base (provide internal IP of the server here). Click OK.
2. Go to Dynamic NAT Exceptions tab, click Add; in From, specify private IP of machine, in To select External from drop-down. Click OK all the way back to Policy Manager.

The service would be configured as:
Incoming "Enabled and Allowed"; from ANY [or specific host/subnet IP]; to 1-1-NAT-public-ip
Outgoing "enabled and allowed"; from ANY; to ANY [you can leave this default or restrict just the server to be able to send traffic out]

Thank you.
0
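
The accepted answer's point that PPTP needs both TCP/1723 and IP protocol 47 (GRE) can be checked from a packet capture taken on the RRAS server. The following is an added example, not part of the original thread and not WatchGuard tooling; the function names, addresses and packet bytes are constructed for illustration, and the GRE version and protocol type values are those of RFC 2637.

```python
import struct

PPTP_PORT = 1723                 # TCP control channel named in the answer
PROTO_TCP, PROTO_GRE = 6, 47     # IP protocol numbers; 47 is GRE
GRE_PPP = 0x880B                 # protocol type carried by PPTP's GRE (RFC 2637)

def classify(pkt: bytes) -> str:
    """Label a raw IPv4 packet: 'pptp-control', 'pptp-gre' or 'other'."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "other"
    ihl = (pkt[0] & 0x0F) * 4            # IPv4 header length in bytes
    if ihl < 20 or len(pkt) < ihl + 4:
        return "other"
    first, second = struct.unpack("!HH", pkt[ihl:ihl + 4])
    if pkt[9] == PROTO_TCP and PPTP_PORT in (first, second):
        return "pptp-control"            # first/second are src/dst port
    if pkt[9] == PROTO_GRE and first & 0x7 == 1 and second == GRE_PPP:
        return "pptp-gre"                # GRE version 1 carrying PPP
    return "other"

def diagnose(packets) -> str:
    """Summarise which halves of a PPTP session reached the capture point."""
    kinds = {classify(p) for p in packets}
    if "pptp-control" not in kinds:
        return "no-control"      # TCP/1723 is not reaching the server
    if "pptp-gre" not in kinds:
        return "control-only"    # TCP/1723 allowed, protocol 47 missing
    return "ok"

def ipv4(proto: int, payload: bytes) -> bytes:
    """Build a constructed IPv4 packet (checksum left at 0, not validated)."""
    src, dst = bytes([203, 0, 113, 10]), bytes([192, 0, 2, 20])
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                      0, 0, 64, proto, 0, src, dst)
    return hdr + payload

# Constructed sample traffic as it would appear at the RRAS server.
CONTROL = ipv4(PROTO_TCP, struct.pack("!HH", 49152, PPTP_PORT) + bytes(16))
TUNNEL = ipv4(PROTO_GRE, struct.pack("!HHHHI", 0x3001, GRE_PPP, 4, 1, 0))
PLAIN_GRE = ipv4(PROTO_GRE, struct.pack("!HH", 0x0000, 0x0800))

if __name__ == "__main__":
    print(diagnose([CONTROL]))
    print(diagnose([CONTROL, TUNNEL]))
```

A "control-only" result on a capture from the server suggests the firewall policy passes TCP/1723 but not protocol 47, which is the gap the PPTP packet filter service closes.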
