This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Rules for VPN Traffic

hello

I have read the docs and have read me through the forum but still there are some questions about how to setup a Host to Net VPN:

Situation:
Cisco Router--->Astaro Firewall--->Internal Net (no dmz)

Cisco Router external IP: 212.33.24.66
Cisco Router internal IP: 192.168.254.1
Astaro "external" IP: 192.168.254.2
Astaro internal IP: 10.10.20.1

Now i need to setup a VPN for home dsl users with dynamic IP's. As VPN client i want PGPNET 7.0.4

So there are 2 questions i got:

What kind of Packet filter rules i have to set up? I have read in a example in the docs that they use

1)ANY-->ANY-->INTERNAL
2)INTERNAL-->ANY-->ANY

But with this rules everything is open which is not the best thing for me. Which single ports do i have do allow for VPN? I don't want to have any services accessible..

And do i have to make a Masquerading from Astaro External to Astaro Internal to make it possible that vpn users can access the internal net?

kind regards and thx for advices

This thread was automatically locked due to age.

0 imported_Jason over 23 years ago

the tcp service port for VPN is 1723
and the service protocol is 47
Cancel
Vote Up 0 Vote Down

Cancel
0 imported_Jason over 23 years ago in reply to imported_Jason

also you will have a terrible time trying to get VPN to work through your NAT Router no matter what type it is Cisco or whatever, it is very difficult and shaky at best.
Cancel
Vote Up 0 Vote Down

Cancel