Allow PPTP VPN traffic thru ASL to internal RRAS?

I have been asked to configure our ASL4 firewall to accept PPTP VPN traffic from one of the external IPs assigned on the firewall and pass it thru to the Win2K3 RRAS server on the internal network.  Configuring ASL to accept the PPTP connections by enabling PPTP Roadwarrior is not an option for this customer.

I've configured DNAT to pass GRE and TCP 1723 to the internal host but that didn't work.  TCP 1723 is working fine; it would appear to be GRE that isn't working correctly.  I feel like I'm missing something obvious in ASL's configuration to allow this and was hoping someone here might be able to offer some suggestions or items to check to get this to work.

Thanks,
Chris   


  • From your post I gather you have created two DNAT rules:



    External Source    External Destination    External Service
    Any                Outside Interface       GRE
    Any                Outside Interface       TCP 1723

    External Source    Translated Destination  Translated Service
    Any                RRAS                    GRE
    Any                RRAS                    TCP 1723


    The next thing you need to do is create a service in your definitions; call it PPTP, with source and destination TCP 1723. Then, in your packet filter rules, create two packet filter rules: the first one is to allow any machine to access RRAS using the PPTP service definition you just created, and the second rule is to allow any machine to access RRAS using GRE.


    From    Service    To      Action
    Any     PPTP       RRAS    Allow
    Any     GRE        GRE     Allow





    Hope this helps.
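
An added example, not part of the original posts: a Python check for packets captured on the RRAS-side interface, reporting whether both PPTP legs discussed above (the TCP 1723 control channel and GRE, IP protocol 47) are actually being forwarded. The function names, addresses and sample packets are constructed for illustration; the GRE header fields follow RFC 2637.

```python
import socket
import struct

GRE_PROTO = 47          # IP protocol number for GRE (it is not a TCP/UDP port)
PPTP_PORT = 1723        # PPTP control channel, TCP
PPTP_GRE_TYPE = 0x880B  # protocol type in PPTP's enhanced GRE header (RFC 2637)

def classify(pkt: bytes) -> str:
    """Classify one raw IPv4 packet from a capture on the RRAS-side interface."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (pkt[0] & 0x0F) * 4            # header length, options included
    body = pkt[ihl:]
    if ihl < 20 or len(body) < 8:
        return "truncated"
    if pkt[9] == 6:                      # TCP: check either port for 1723
        sport, dport = struct.unpack("!HH", body[:4])
        return "pptp-control" if PPTP_PORT in (sport, dport) else "other-tcp"
    if pkt[9] == GRE_PROTO:
        flags, ptype, _plen, call_id = struct.unpack("!HHHH", body[:8])
        # PPTP uses GRE version 1 with the Key bit set; key = length + call ID
        if (flags & 0x0007) == 1 and (flags & 0x2000) and ptype == PPTP_GRE_TYPE:
            return f"pptp-gre call_id={call_id}"
        return "other-gre"
    return "other"

def diagnose(packets) -> str:
    """Report which of the two PPTP legs appear in the capture."""
    kinds = {classify(p).split()[0] for p in packets}
    control, data = "pptp-control" in kinds, "pptp-gre" in kinds
    if control and data:
        return "both legs forwarded"
    if control:
        return "control only: GRE (IP protocol 47) is not being forwarded"
    return "GRE only: TCP 1723 missing" if data else "no PPTP traffic seen"

def _ipv4(proto: int, payload: bytes) -> bytes:
    """Build a constructed IPv4 packet (documentation addresses, checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto,
                       0, socket.inet_aton("198.51.100.7"),
                       socket.inet_aton("192.0.2.10")) + payload

# Constructed samples: a SYN to TCP 1723, and a PPTP GRE frame (K+S set, version 1)
SAMPLE_TCP = _ipv4(6, struct.pack("!HHIIBBHHH", 50000, 1723, 0, 0, 0x50, 0x02, 8192, 0, 0))
SAMPLE_GRE = _ipv4(GRE_PROTO, struct.pack("!HHHHI", 0x3001, PPTP_GRE_TYPE, 0, 1234, 1))

if __name__ == "__main__":
    print(diagnose([SAMPLE_TCP]))
    print(diagnose([SAMPLE_TCP, SAMPLE_GRE]))
```

A "control only" result matches the symptom in the question: the TCP 1723 session is translated, but the GRE data channel never reaches the internal host.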





      
  • Hi

     

    I have the same issue with Microsoft Server 2016 and Sophos SG135 now :) - https://community.sophos.com/products/unified-threat-management/f/network-protection-firewall-nat-qos-ips/87949/configure-sophos-sg-135-utm-9-to-allow-microsoft-routing-and-remote-access-service-microsoft-rras

    If you managed to resolve your issue and by any chance recall what the solution was back in 2003 :) I would much appreciate it!

     

    Thanks,

    Kon