[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Need to configure PPTP PAss-through on a SonicWall TZ100 (SonicOS Enhanced)

Posted on 2009-12-29
9
Medium Priority
?
6,727 Views
1 Endorsement
Last Modified: 2012-08-14
I have a SonicWall TZ100 UTM device that I need to pass PPTP through to an internal Windows server. I used the wizard in the applicance to create the necessary port forwards and it does not work. I forwarded many other services such as SSL, etc and had no problems. Only the PPTP is not working.
This device has the SonicWall enhanced OS.

Thanks!
1
Comment
Question by:summit_pcguy
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 11

Expert Comment

by:ICaldwell
ID: 26142663
This should help you:

http://www.experts-exchange.com/Networking/Misc/Q_21960910.html

Its a similar set to what you have...
0
 
LVL 1

Author Comment

by:summit_pcguy
ID: 26142673
Thanks. I already have the PPTP option enabled through the device so I don't think that article applies.
0
 
LVL 11

Expert Comment

by:ICaldwell
ID: 26142781
What PPTP server software are you using?
0
A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

 
LVL 22

Expert Comment

by:Jakob Digranes
ID: 26143491
try manually opening and forwarding port 1723 (which is the port for pptp)
Do you have a compouter "on the inside" that you can test with, without going through Firewall?
0
 
LVL 1

Author Comment

by:summit_pcguy
ID: 26144044
They use regular old standard Microsoft built in PPTP client in XP box.
I usually do an Ipsec VPN out to a PC in my office and the do the PPTP back from that for testing.
In this case I have tested it using Remote Web Workplace to my home SBS box just to make absolutely certain it was hosed.
0
 
LVL 11

Expert Comment

by:ICaldwell
ID: 26145064
I am now confused, are you trying to pass through data for a server located behind this firewall or are these clients behind the firewall.... have you verified the connections work without the firewall running?
0
 
LVL 1

Expert Comment

by:serajadeyn
ID: 26147833
I was trying to help summit with this and the basic run-down i got was:

-SonicWall Tz100 UTM (new/recent equipment)
-Got some sales people that need to login to the 2k3 RRAS server through the firewall from outside (client doesn't want to use the dedicated VPN hardware for whatever reasoning)
-Setup a PPTP service forward from the WAN to the LAN (tried pointing directly to the server also as a host) to no avail.

The online documentation doesn't specifically mention anything about VPN services Pass-through, but I doubt they'd restrict that option seeing as this is an entry-level product geared to get SMBs away from gussied-up home internet routers. From what I understand the settings should be correct or has been setup correctly at least once during testing.

ICaldwell, to be specific; they're trying to connect remotely from outside the firewall device to a server internally and the connection isn't being made. It worked previously on the old sonicwall(died) and the band-aid linksys, so this isn't a server or an ISP issue. I'm interested in a solution for this as well as I know a few SMBs that could use a new router.
0
 
LVL 1

Accepted Solution

by:
serajadeyn earned 2000 total points
ID: 26148496
Found it;

the Tz100 has a VPN subcategory that's misleading as the main page asks if you want to enable it. This is not necessary to do for VPN (PPTP) Pass-Through. However, in the VPN>Advanced Subcategory, there is an option called " Preserve IKE Port for Pass Through Connections " that needs to be ticked as these settings -still apply- to the unit's routing even though it appears as the whole VPN category remains disabled.

Don't forget to Add a new entry under Network>NAT policies for the PPTP service and you're good to go.

For Future Reference, To add VPN Pass-Through on Sonicwall Enhanced OS (Tz series) devices:
Network>NAT Policies (add your PPTP Policiy)
Use the Firewall Matrix and create your Service Policy (WAN>LAN with a Destination of your Public IP)
go under VPN>Advanced, tick the box next to "Preserve IKE Port for Pass Through Connections "

Apply and Test and you should be set!
0
 
LVL 1

Author Closing Comment

by:summit_pcguy
ID: 31671032
Exactly what I needed. Works great.
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question