Setting up PPTP rules and NAT

I'm pretty new to Sophos Firewalls and need some basic help to set up PPTP VPN.
The last firewalls I worked with were years ago, on IPCop and m0n0wall based systems, so very obsolete these days...

I already got SSL VPN working, because the "How to" was really detailed.

Now I need PPTP to let Clients connect to a specific Server.
To set up the Server I followed these instructions: community.sophos.com/.../125662
On other Systems I needed a NAT and rules to bypass the PPTP traffic, and I'm a bit overwhelmed with all these options :D
So I tried to get some input from here, but didn't find such basic info.

Maybe someone could teach me this basic knowledge, and sorry for this maybe dumb question.

System:
Sophos XG106 running SFOS 18.0.1 MR-1-Build396

If you need further information, just ask.

Cheers John



  • Hi  

    Are you looking for the end-client system settings to connect over the PPTP server? The KBA below will be helpful.

    https://community.sophos.com/kb/en-us/125372

  • Hi  

    Thanks for your response, but it's not the client-side configuration; that works fine.

    I just need to know how to set up the correct NAT and Rules to make the PPTP communication via Sophos work.

    What I did is enable PPTP; for "Assign IP from" I filled in an IP address range of my local subnet (should I make a separate internal range, like for SSL VPN?),
    and as primary DNS server I took Google (8.8.8.8).

    I made a PPTP Usergroup (about 50 Users) with unlimited Internet access and PPTP Enabled, Login restriction: Any node.

    I already set up the services (PPTP>TCP1723 and GRE) as a group and made an
    Inbound Rule: WAN, Any host > to > LAN, Local subnet > for > PPTP_GROUP
    Outbound Rule: LAN, Any > to > WAN, Any > for > PPTP_GROUP
    DNAT: Source: Any Host, Service: PPTP_GROUP, Destination: External IP -- Source: Original, Service: Original, Destination: Internal Server IP -- Inbound: Any Interface, Outbound: Any Interface

    Should I make another Rule with SNAT Source and as "Translated Source" the internal Server?

    With the old Firewalls there was only NAT.

    And do I need further Rules for the Usergroup, or do they have Access via PPTP Port in my PPTP_Group?

    Sorry, I just feel a bit lost :)

    Regards John
