This discussion has been locked.

Setting up PPTP rules and NAT

I'm pretty new to Sophos firewalls and need some basic help setting up a PPTP VPN.
The last firewalls I worked with were years ago, IPCOP and M0n0wall based systems, so very obsolete these days...

I already got SSL VPN working, because the "How to" was really detailed.

Now I need PPTP to let clients connect to a specific server.
To set up the server I followed these instructions: community.sophos.com/.../125662
On other systems I needed a NAT and rules to let the PPTP traffic through, and I'm a bit overwhelmed with all these options :D
so I tried to get some input from here, but didn't find such basic info.

Maybe someone could teach me this basic knowledge, and sorry for the maybe dumb question.

System:
Sophos XG106 running SFOS 18.0.1 MR-1-Build396

If you need further information just ask

Cheers John



  • Hi  

    Are you looking for end client system settings to connect to the PPTP server? The KBA below will be helpful.

    https://community.sophos.com/kb/en-us/125372

  • Hi  

    thanks for your response, but it's not the client-side configuration; that works fine.

    I just need to know how to set up the correct NAT and rules to make the PPTP communication via Sophos work.

    What I did is enable PPTP; for "assign IP from" I filled in an IP address range of my local subnet (should I make a separate internal range, like for SSL VPN?),
    and as primary DNS server I took Google (8.8.8.8).

    I made a PPTP user group (about 50 users) with unlimited Internet access and PPTP enabled, login restriction: Any node

    I already set up the services (PPTP > TCP 1723 and GRE) as a group and made an
    Inbound rule: WAN, Any host > to > LAN, Local subnet > for > PPTP_GROUP
    Outbound rule: LAN, Any > to > WAN, Any > for > PPTP_GROUP
    DNAT: Source: Any host, Service: PPTP_GROUP, Destination: External IP -- Source: Original, Service: Original, Destination: Internal server IP -- Inbound: Any interface, Outbound: Any interface

    Should I make another rule with SNAT source and the internal server as "Translated Source"?

    With the old firewalls there was only NAT.

    And do I need further rules for the user group, or do they have access via the PPTP port in my PPTP_GROUP?

    Sorry, I feel just a bit lost :)

    Regards John

  • Hi  

    To make it simpler, I summarize the details below:

    PPTP will be either split tunnel or full tunnel.

    1) Split tunnel: 2 rules needed on the FW: a) LAN to VPN (no NAT needed) and b) VPN to LAN (with NAT action MASQ)

    2) Full tunnel: 3 rules needed on the FW: a) & b) as above, plus c) VPN to WAN (with NAT action MASQ) ==> for Internet traffic from the end VPN machine.
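
    Before adding the VPN-to-LAN / VPN-to-WAN rules above, it is worth confirming that the PPTP control channel itself reaches the firewall from outside, since a client that cannot complete the TCP/1723 handshake never gets as far as those rules. The script below is an added example, not code from the Sophos thread or from Sophos: it sends an RFC 2637 Start-Control-Connection-Request to TCP/1723 and parses the Start-Control-Connection-Reply. A "successful" result code shows the control channel is accepted; the GRE data channel (IP protocol 47) is not exercised by this probe and must be checked separately, for example by watching for GRE on the firewall's WAN interface while a client connects. The hostnames, vendor strings and the sample reply are constructed placeholders. Note also that PPTP's MS-CHAPv2/MPPE protection is cryptographically weak; this probe verifies reachability only.

```python
"""Probe a PPTP control channel (TCP/1723) with an RFC 2637 SCCRQ.

Added example for the thread above; not Sophos code. Hostnames and the
sample reply below are constructed placeholders.
"""
import socket
import struct

PPTP_PORT = 1723
MAGIC_COOKIE = 0x1A2B3C4D
MSG_CONTROL = 1
CTRL_SCCRQ = 1          # Start-Control-Connection-Request
CTRL_SCCRP = 2          # Start-Control-Connection-Reply
PROTOCOL_VERSION = 0x0100
FRAMING_ASYNC, FRAMING_SYNC = 1, 2
BEARER_ANALOG, BEARER_DIGITAL = 1, 2

# Fixed layouts from RFC 2637 sections 2.2 and 2.3; both messages are 156 bytes.
SCCRQ_FMT = ">HHIHHHHIIHH64s64s"
SCCRP_FMT = ">HHIHHHBBIIHH64s64s"
MSG_LEN = struct.calcsize(SCCRQ_FMT)  # 156

SCCRP_RESULTS = {1: "successful", 2: "general error",
                 3: "command channel already exists",
                 4: "not authorized", 5: "unsupported protocol version"}


def _pad(s: str) -> bytes:
    """Zero-padded 64-byte field for host name / vendor string."""
    return s.encode("ascii")[:64].ljust(64, b"\x00")


def build_sccrq(hostname: str = "pptp-probe", vendor: str = "example-probe") -> bytes:
    """Serialise a Start-Control-Connection-Request."""
    return struct.pack(SCCRQ_FMT, MSG_LEN, MSG_CONTROL, MAGIC_COOKIE, CTRL_SCCRQ, 0,
                       PROTOCOL_VERSION, 0, FRAMING_ASYNC | FRAMING_SYNC,
                       BEARER_ANALOG | BEARER_DIGITAL, 1, 0, _pad(hostname), _pad(vendor))


def parse_sccrp(data: bytes) -> dict:
    """Decode a Start-Control-Connection-Reply; reject anything that is not PPTP."""
    if len(data) < MSG_LEN:
        raise ValueError(f"short reply: {len(data)} bytes (need {MSG_LEN})")
    (length, msg_type, cookie, ctrl_type, _r0, version, result, error,
     framing, bearer, max_ch, fw, host, vendor) = struct.unpack(SCCRP_FMT, data[:MSG_LEN])
    if cookie != MAGIC_COOKIE:
        raise ValueError(f"bad magic cookie 0x{cookie:08X}: not a PPTP control message")
    if msg_type != MSG_CONTROL or ctrl_type != CTRL_SCCRP:
        raise ValueError(f"unexpected message type {msg_type}/{ctrl_type}")
    return {"length": length, "result_code": result,
            "result": SCCRP_RESULTS.get(result, "unknown"), "error_code": error,
            "version": version, "framing": framing, "bearer": bearer,
            "max_channels": max_ch, "firmware": fw,
            "hostname": host.rstrip(b"\x00").decode("ascii", "replace"),
            "vendor": vendor.rstrip(b"\x00").decode("ascii", "replace")}


def probe_pptp(host: str, port: int = PPTP_PORT, timeout: float = 5.0) -> dict:
    """Connect to TCP/1723, send SCCRQ, return the parsed SCCRP.

    A reply proves the control channel passes the firewall; GRE (IP protocol 47)
    is not tested here and must be verified separately.
    """
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_sccrq())
        buf = b""
        while len(buf) < MSG_LEN:
            chunk = s.recv(MSG_LEN - len(buf))
            if not chunk:
                raise ConnectionError(f"peer closed after {len(buf)} bytes")
            buf += chunk
    return parse_sccrp(buf)


# Constructed sample SCCRP (not a real capture) so the parser can be run offline.
SAMPLE_SCCRP = struct.pack(SCCRP_FMT, MSG_LEN, MSG_CONTROL, MAGIC_COOKIE, CTRL_SCCRP, 0,
                           PROTOCOL_VERSION, 1, 0, FRAMING_ASYNC | FRAMING_SYNC,
                           BEARER_ANALOG | BEARER_DIGITAL, 128, 1,
                           _pad("pptp-server"), _pad("example-vendor"))

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print(probe_pptp(sys.argv[1]))      # e.g. python pptp_probe.py <firewall WAN IP>
    else:
        print(parse_sccrp(SAMPLE_SCCRP))   # offline demo on the constructed reply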

  • Hi  

    I'll try that!

    But for my understanding: I can just choose "VPN" as "Source" or "Destination",
    and don't have to create the PPTP 1723 port as a service and group it with GRE?

    Regards John
