Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

PPTP VPN to Watchguard using PPPoE

Posted on 2009-05-19
5
Medium Priority
?
1,876 Views
Last Modified: 2013-11-16
Help, does anyone know how I can configure a Watchguard X1000 to allow users to connect to the VPN using PPTP where the external IP address is provided using PPPoE?

I have no way to change the external IP to a static address as the ISP in this case (Etisalat in Dubai) do not provide static IP addresses on DSL lines!

I have the X1000 set up with VPN tunnels between the UK branches and the Dubai branch using a dynamic DNS name which the Dubai server updates when the IP address changes and these work OK (most of the time). However if I try to get a mobile user connected the X1000 bloks theincoming packet automatically even though I have incoming VPNport traffic set to allowed. I also cannot access the Remote User setup options to check the settings.

I compared a config file from our X1000 to the one for Dubai and managed to amend the file to give the appropriate IP address options, etc. and also changed "networking.remote_vpn.pptp.active" from "no" to "yes".

However if I try to save this configuration file back to the X1000 in Dubai it returns an error message saying "PPTP clients are not supported when networking.dynamicip is true".

As mentioned, a static IP address is not an option, but can anyone give me any pointers at all. I am getting my backside kicked about this...

Thanks, Eddie
0
Comment
Question by:EddieWr
  • 3
  • 2
5 Comments
 
LVL 32

Accepted Solution

by:
dpk_wal earned 1500 total points
ID: 24428837
Which version of WG software are you running if you are running version 10.x then with PPPoE and dynaic IP you can enable dynamic DNS on external interface and then configure remote user VPN regularly.

I would like to point out here that, currently firebox only supports DynDNS and NO other dynamic DNS providers.

Other option is bit tricky, as GUI would disable remote user option itself when on dynamic IP then we can put up a cheap device [eg, D-link router (or any other brand as you wish)] in between DSL modem and FB. Now configure FB with static IP which would be on NATted subnet behind the router. Also, configure router to forward all ports to the FB IP [something like DMZ].

With this configuration you would get remote user VPN to work, here the success rate may not be 100% due to NAT implementation by different devices/vendors and ISP restrictions.

Thank you.
0
 

Author Comment

by:EddieWr
ID: 24452726
Hi dpk_wal,

Thanks for the information, we are running on version 7.4.1.

I guess the simple answer is that we cannot do it unless we put a router betweenthe ISP connection and the Watchguard?

Regards, Eddie
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 24453239
Yes, that is correct.
0
 

Author Comment

by:EddieWr
ID: 24474567
Thanks Dpk_wal,

I am out in Dubai next week hopefully so will try that solution. We may even put the smaller firewall back in as this was newer but taken out due to a faulty ISP connection.

Ta, Eddie
0
 

Author Comment

by:EddieWr
ID: 24582577
Hi Dpk_wal,\\Just to let you know that I am in Dubai to do an office move and Etisalat decided to provide an ADSL Router instead of an ADSL modem so I was able to implement your suggestion and it appears to be working just fine.

Many thanks for your assitance, Eddie
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Local Printing Using Remote Desktop Windows 7 sometimes has issues with printing to a local printer using a Remote Desktop Connection (RDC). The 1st step is to verify that printers are checked on the Local Resources tab of the Remote Desktop C…
I've written this article to illustrate how we can implement a Dynamic Multipoint VPN (DMVPN) with both hub and spokes having a dynamically assigned non-broadcast multiple-access (NBMA) network IP (public IP). Here is the basic setup of DMVPN Pha…
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question