Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 1197 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

PPTP to Internal routing

Tom Garcia
I have a problem with ASL routing PPTP connected clients to the internal LAN.  I have read the trail from exiof and comeanddance and tried setting the internal mask to 255.255.0.0 but that didn't work...even with a wide open PPTP/ANY/ANY/ALLOW filter.  Here's a crude diagram of what I am trying to accomplish (Outside is simulating the static IP from my cable modem provider):

Internal LAN w/W2k PC @ 172.29.8.105/GW172.29.8.12
172.29.8.0/24
      |
      |
IP=172.29.8.12
ASL Firewall ---DMZ 172.29.7.0/24--.25=Web/FTP Svr
IP=24.24.1.24/23
GW=24.24.1.1
      |
      |
W2k Laptop - w/W2k PPTP Client
IP=24.24.1.1
GW=24.24.1.24

The laptop can hit the Web & FTP servers fine and also bring up the PPTP link and get assigned an IP from my PPTP virtual network 172.29.9.0/24.

I can't see the laptop from the internal LAN and can't see anything internal from the laptop PPTP client.

Can someone enlighten me as to things to try?  So far, ASL looks fantastic.

Thanks!


This thread was automatically locked due to age.
  • 0
    Still have not resolved this issue and still waiting for a hint of what I am doing wrong.  Even a 'flame' at this point would be welcome....constructive 'flame' please.....
  • 0 in reply to Tom Garcia
    when i set up pptp i usualy setup my pptp pool as a subnet of my lan network.  for example;
    lan 172.26.8.0/24
    pptp 172.26.8.240/28
    (255.255.255.240 if i converted correctly)

    with this setup the pptp clients will get an ip on the lan network and be able to access it.  if you use WINS you sould be able to at least find shares by netbios name.  hope this is of some help.

    tim
  • 0 in reply to chimney
    Well,

    That did it...  Seems like it should have worked with the different subnet but right now, I don't need many addresses.  Sure easier to configure ASL than the Cis** P*X's I've done.

    Thanks again!
Unfiltered HTML