Solved

PPTP VPN to Watchguard using PPPoE

Posted on 2009-05-19
5
1,798 Views
Last Modified: 2013-11-16
Help, does anyone know how I can configure a Watchguard X1000 to allow users to connect to the VPN using PPTP where the external IP address is provided using PPPoE?

I have no way to change the external IP to a static address as the ISP in this case (Etisalat in Dubai) do not provide static IP addresses on DSL lines!

I have the X1000 set up with VPN tunnels between the UK branches and the Dubai branch using a dynamic DNS name which the Dubai server updates when the IP address changes and these work OK (most of the time). However if I try to get a mobile user connected the X1000 bloks theincoming packet automatically even though I have incoming VPNport traffic set to allowed. I also cannot access the Remote User setup options to check the settings.

I compared a config file from our X1000 to the one for Dubai and managed to amend the file to give the appropriate IP address options, etc. and also changed "networking.remote_vpn.pptp.active" from "no" to "yes".

However if I try to save this configuration file back to the X1000 in Dubai it returns an error message saying "PPTP clients are not supported when networking.dynamicip is true".

As mentioned, a static IP address is not an option, but can anyone give me any pointers at all. I am getting my backside kicked about this...

Thanks, Eddie
0
Comment
Question by:EddieWr
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 32

Accepted Solution

by:
dpk_wal earned 500 total points
ID: 24428837
Which version of WG software are you running if you are running version 10.x then with PPPoE and dynaic IP you can enable dynamic DNS on external interface and then configure remote user VPN regularly.

I would like to point out here that, currently firebox only supports DynDNS and NO other dynamic DNS providers.

Other option is bit tricky, as GUI would disable remote user option itself when on dynamic IP then we can put up a cheap device [eg, D-link router (or any other brand as you wish)] in between DSL modem and FB. Now configure FB with static IP which would be on NATted subnet behind the router. Also, configure router to forward all ports to the FB IP [something like DMZ].

With this configuration you would get remote user VPN to work, here the success rate may not be 100% due to NAT implementation by different devices/vendors and ISP restrictions.

Thank you.
0
 

Author Comment

by:EddieWr
ID: 24452726
Hi dpk_wal,

Thanks for the information, we are running on version 7.4.1.

I guess the simple answer is that we cannot do it unless we put a router betweenthe ISP connection and the Watchguard?

Regards, Eddie
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 24453239
Yes, that is correct.
0
 

Author Comment

by:EddieWr
ID: 24474567
Thanks Dpk_wal,

I am out in Dubai next week hopefully so will try that solution. We may even put the smaller firewall back in as this was newer but taken out due to a faulty ISP connection.

Ta, Eddie
0
 

Author Comment

by:EddieWr
ID: 24582577
Hi Dpk_wal,\\Just to let you know that I am in Dubai to do an office move and Etisalat decided to provide an ADSL Router instead of an ADSL modem so I was able to implement your suggestion and it appears to be working just fine.

Many thanks for your assitance, Eddie
0

Featured Post

Now Available: Firebox Cloud for AWS and FireboxV

Firebox Cloud brings the protection of WatchGuard’s leading Firebox UTM appliances to public cloud environments. It enables organizations to extend their security perimeter to protect business-critical assets in Amazon Web Services (AWS).

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Remote Desktop Shadowing often has a lot of benefits. When helping end users determine problems, it is much easier to see what is going on, what is being slecected and what is being clicked on. While the industry has many products to help with this,…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question