PP2P using Fortigate 50B

Posted on 2011-09-29
Last Modified: 2012-05-12
Hi Guys,

I am trying to configure a Fortigate 50GB to pass through VPN requests to a Microsoft 2003 RASS server. Any idea on the best way to do this? I am having no luck.
Question by:Layer3User
  • 4
  • 2
LVL 15

Expert Comment

ID: 36858077
Yes, you need to open up port 1723 TCP, GRE and ICMP
1723 is used to establish the tunnel.
GRE (Generic Route Encapsulation) is a protocol, it is IP protocol 47 that is used to actually tunnel the traffic.
ICMP needs to be opened up - I found that one out the hard way.  Dunno why it needs it but it wouldn't establish the connection without it.


Author Comment

ID: 36860468
Ah, the ICMP might have got me. I'll try this.

Author Comment

ID: 36900252
Nope, that didn't seem to work.
Save the day with this special offer from ATEN!

Save 30% on the CV211 using promo code EXPERTS30 now through April 30th. The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

LVL 15

Expert Comment

ID: 36901303
I recall that the way I resolved it previously was to set up a packet capture on the device, then open up IP ANY/ANY then capture the traffic.  Then you'll know exactly what protocols are being used to establish the VPN.
It could also be a firewall on the box you are connecting into. Most domain computers will block any IP traffic that originates outside its own subnet.

Accepted Solution

Layer3User earned 0 total points
ID: 37118064
No solution found.

Author Closing Comment

ID: 37136773
No solution found.

Featured Post

Watch Anatomy of a Wi-Fi Hack On-Demand

In less than a weekend, anyone with Internet access and some free time can become a Wi-Fi MitM to wreak havoc on your network. View our Wi-Fi Expert in an on-demand episode of our Secure Wi-Fi mini-series as he explores the motives, execution, and anatomy of a Wi-Fi hack.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are two basic ways to configure a static route for Cisco IOS devices. I've written this article to highlight a case study comparing the configuration of a static route using the next-hop IP and the configuration of a static route using an outg…
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question