Pass through PPTP

We attempted to put our new UTM in service over the weekend and while most things worked, we had to roll back because two different VPNs failed.

The one I'm looking for help with on this thread is a PPTP VPN. Traffic passes through the UTM to an internal IP. The VPN is actually terminated on that box. Other than the firewall, nothing changed on the customer's end or anywhere else. It works with our Juniper; it doesn't with the UTM.

My setup
1) Outside and inside interfaces configured.
2) Outside interface set to watch the mapped (external) IP.
3) SNAT rule natting traffic from (Internal IP) to any, Source translation: (External IP), No automatic firewall rule.
4) DNAT rules allowing PPTP, GRE and AUTH from Any to Internet [Outside IP](Address) Destination translation: (Internal IP), Automatic firewall rules on all 3.
5) Firewall policy allowing all traffic from (Internal IP) to any.

Any ideas what I'm missing?

  • I've found a log of the problem. Packets are being dropped. It lists "fwrule=60001". I have less than 200 firewall rules. Where do I look to find what 60001 means?
  • Turns out Google is my friend. It says that a 60001 is a default drop and that I likely need a NAT entry. I have three NAT entries from this outside IP to the internal IP. One allows PPTP, one allows GRE and one allows AUTH. All have automatic firewall rules. I'm researching further, but if anyone has the answer quicker feel free to chime in. :)

  • Please show a representative line from the full Firewall log file, not the Live Log. Alone among the logs, the Firewall Live Log presents abbreviated information in a format easier to read quickly. Usually, you can't troubleshoot without looking at the corresponding line from the full Firewall log file.

    Cheers - Bob
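As an added illustration of the troubleshooting step Bob describes (this is not code from the thread or from Sophos), the following Python reads full Firewall log lines in the UTM key="value" format, keeps the packets that hit the default drop rule 60001, and labels each one as the PPTP control channel (TCP/1723), the GRE data channel (IP protocol 47) or something unrelated, so you can see which of the three DNAT rules is not being matched. The log lines are constructed samples and the addresses are placeholders.

```python
import re
from typing import Dict, List

# Constructed sample lines in the Sophos UTM full Firewall log format (key="value" pairs);
# timestamps, addresses and ports are made up for illustration, not taken from the thread.
SAMPLE_LOG = """\
2014:03:10-08:15:01 utm ulogd[2834]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcip="203.0.113.7" dstip="198.51.100.20" proto="6" length="60" ttl="52" srcport="49211" dstport="1723" tcpflags="SYN"
2014:03:10-08:15:02 utm ulogd[2834]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcip="203.0.113.7" dstip="198.51.100.20" proto="47" length="72" ttl="52"
2014:03:10-08:15:03 utm ulogd[2834]: id="2002" severity="info" sys="SecureNet" sub="packetfilter" name="Packet accepted" action="accept" fwrule="12" initf="eth1" srcip="203.0.113.9" dstip="198.51.100.20" proto="6" length="60" ttl="52" srcport="49212" dstport="443" tcpflags="SYN"
"""

KV_RE = re.compile(r'(\w+)="([^"]*)"')
DEFAULT_DROP_RULE = "60001"  # per the thread: the built-in default drop, not a numbered user rule


def parse_line(line: str) -> Dict[str, str]:
    """Turn one full Firewall log line into a dict of its key="value" fields."""
    return dict(KV_RE.findall(line))


def classify(fields: Dict[str, str]) -> str:
    """Label the PPTP component a packet belongs to: the TCP/1723 control
    channel, the GRE (IP protocol 47) data channel, or something unrelated."""
    proto = fields.get("proto")
    if proto == "47":
        return "gre"
    if proto == "6" and fields.get("dstport") == "1723":
        return "pptp-control"
    return "other"


def find_default_drops(log_text: str) -> List[Dict[str, str]]:
    """Return the packets dropped by the default drop rule, each annotated with
    the PPTP component it belongs to; these lines show which DNAT/firewall
    rule (PPTP or GRE) the UTM is not matching."""
    hits = []
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields.get("action") == "drop" and fields.get("fwrule") == DEFAULT_DROP_RULE:
            hits.append({
                "time": line.split()[0],
                "src": fields.get("srcip"),
                "dst": fields.get("dstip"),
                "component": classify(fields),
            })
    return hits


if __name__ == "__main__":
    for hit in find_default_drops(SAMPLE_LOG):
        print(hit)
```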