Solved

Trouble getting VPN Pass through to work on a Watchguard Firebox w/7.3 software

Posted on 2009-06-30
Last Modified: 2013-11-16
I am not able to authenticate to my MS PPTP server on the other side of a Watchguard x700 w/7.3 software.

I have configured a 1-1 NAT w/an available routable IP address mapped to an internal address of 10.0.0.96

I have configured a packet filter from ANY to the outside routable IP I used. I have also tried from any to the 10.0.0.96 address.

On the PPTP server I get a message about GRE not being passed but I am using the Watchguard PPTP filter that includes GRE.  I see where you can't static NAT GRE so, that is not an option.

I am looking for help in troubleshooting this problem.   Thanks....
0
Question by:pclark6127
7 Comments
 
LVL 32

Expert Comment

by:dpk_wal
ID: 24751725
You should use the predefined PPTP service rather than a custom service; because the predefined service contains both TCP 1723 [for PPTP] and IP protocol # 47 [for GRE].

Please make sure that you configure 1-1 NAT, add a NAT exception, and that this public IP is not part of an alias on the external interface.

Please advise if you need more help.

Thank you.
0
 
LVL 1

Author Comment

by:pclark6127
ID: 24754934
Thanks..  I have done all this and it's still not working.  I have been advised by Watchguard to upgrade to 7.5 from 7.3.  I will be doing this today.  If it works I will update here.  Thanks..
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 24755782
Not sure if upgrading to 7.5 would make any difference; please try that. One thing I would be interested in knowing is whether you are using software with high encryption [go to Help->About and it will tell you].

Also, on the MS server the default gateway is the internal IP of FB and there are no multiple gateways configured on the MS server.

Thank you.
0

 
LVL 1

Expert Comment

by:stratlover4life
ID: 25735381
Hi, I had this same issue and I can help you resolve it.
0
 
LVL 1

Expert Comment

by:stratlover4life
ID: 25735439

I know you have gone over this already, but I will explain the steps you need. I spent hours trying to figure this crap out. First, it doesn't matter if you are using WFS 7.3 or 7.5; the steps below will be a great help.

1. Create a 1 to 1 NAT from External to Real Base. (The trick is that you cannot have the IP on the external interface or the alternate interface; basically, the alias IPs are what I am referring to.)
You will need 1 IP for this, dedicated from External to your MS server running RRAS.
For example, in 1 to 1 NAT, select in hosts to NAT 1, Real Base usable public IP, and real base is the internal IP of the Microsoft RRAS server.

2. Create a new policy with the packet filters using PPTP.

In the Incoming tab, select ANY. (Very important)

In the incoming tab, set To to the public IP you specified in the 1 to 1 NAT.

Go to Logging and allow logging for incoming packets and outgoing, denied and allowed.

Save the config and test it using the public IP address from a DSL line or whatever you can outside your network.

When you test this using a simple Microsoft PPTP VPN, watch the Firebox active traffic log in WSM and you will see the policy for PPTP pass GRE and TCP port 1723 through the Firebox and to the RRAS server. Since in the earlier steps we enabled logging, you should be able to see the traffic pass. If you have any problems let me know; I know WatchGuard WFS and Fireware Pro like the back of my hand, with dozens and dozens of hours of experience. My email is josh@tnsnet.org
0
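
An added example, not part of any post in this thread: a Python check over a `tcpdump -n` text capture taken on the RRAS server, reporting which half of PPTP (TCP 1723 control or IP protocol 47 GRE) is missing and in which direction. The capture lines, the client address 203.0.113.5 and the result labels are constructed for illustration; 10.0.0.96 is the internal address from the question.

```python
import re
from collections import Counter

# Constructed tcpdump -n style lines (not from the thread): the control channel
# completes, the server sends GRE, but no GRE ever arrives from the client.
SAMPLE_CAPTURE = """\
12:00:01.100 IP 203.0.113.5.49152 > 10.0.0.96.1723: Flags [S], seq 1, win 8192, length 0
12:00:01.101 IP 10.0.0.96.1723 > 203.0.113.5.49152: Flags [S.], seq 9, ack 2, win 8192, length 0
12:00:01.150 IP 203.0.113.5.49152 > 10.0.0.96.1723: Flags [P.], seq 2:158, ack 10, win 8192, length 156
12:00:01.300 IP 10.0.0.96 > 203.0.113.5: GREv1, call 512, seq 0, length 36: LCP, Conf-Request (0x01), id 0, length 22
12:00:03.300 IP 10.0.0.96 > 203.0.113.5: GREv1, call 512, seq 1, length 36: LCP, Conf-Request (0x01), id 1, length 22
"""

# src[.port] > dst[.port]: rest   (GRE lines carry no port)
LINE = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)(?:\.(\d+))? > "
                  r"(\d+\.\d+\.\d+\.\d+)(?:\.(\d+))?: (.*)")

def summarize(capture, server):
    """Count PPTP control (TCP 1723) and GRE packets per direction at `server`."""
    seen = Counter()
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, sport, dst, dport, rest = m.groups()
        if server not in (src, dst):
            continue
        direction = "in" if dst == server else "out"
        server_port = dport if direction == "in" else sport
        if rest.startswith("GRE"):
            seen["gre", direction] += 1
        elif server_port == "1723":
            seen["ctrl", direction] += 1
    return seen

def diagnose(capture, server):
    """Name the first missing piece of the PPTP exchange, or 'ok'."""
    s = summarize(capture, server)
    if not s["ctrl", "in"]:
        return "control-inbound-missing"   # TCP 1723 never reached the server
    if not s["ctrl", "out"]:
        return "control-no-reply"          # server did not answer on 1723
    if not s["gre", "in"] and not s["gre", "out"]:
        return "no-gre"                    # tunnel data never started
    if not s["gre", "in"]:
        return "gre-inbound-missing"       # protocol 47 dropped before the server
    if not s["gre", "out"]:
        return "gre-outbound-missing"      # server side is not sending GRE
    return "ok"

if __name__ == "__main__":
    print(diagnose(SAMPLE_CAPTURE, "10.0.0.96"))
```

A `gre-inbound-missing` result with a healthy control channel points at the device in front of the server rather than at RRAS itself.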
 
LVL 1

Expert Comment

by:stratlover4life
ID: 25735463
Also, when you create the 1 to 1 NAT, make sure you exclude the same range of External to Real Base IPs in the Dynamic NAT tab next to 1 to 1.
0
 
LVL 1

Accepted Solution

by:
pclark6127 earned 0 total points
ID: 25944595
Had to upgrade my firewall version to get this to work. Sorry, none of the solutions worked. Thanks for trying.
0
