PPTP not working after upgrade ASG 7 to UTM9

Hi,
The PPTP connections at a customer do not work properly after the upgrade to UTM9 from ASG7.
The configuration of the tunnels was first made on ASG6, then a couple of years ago they upgraded to 7 (no problem). But now when I upgraded to UTM9 I get the problem.
When the configuration was first made on ASG6, we used static IPs for all users that were in the same IP segment as the server. I guess that this is not recommended. So I have changed that to VPN-Pool (PPTP). With that change made, I am able to connect to the network and even ping the server(!), but when I try to connect to the server with \\192.168.1.10 it fails, and RDP does not work either. I am also able to connect to Webadmin through the tunnel.
I have created a Firewall rule that says VPN-Pool (PPTP) - Any - Any, Allow
and placed it high in the rules list.
Some are using SSL tunnels, and they are working fine after the upgrade.

Best Regards
Andreas


This thread was automatically locked due to age.
  • Hi, andreas, and welcome to the User BB!

    Sometimes, a second reboot fixes these kinds of issues.  If not, try removing the PPTP configuration, disabling and then re-enabling and configuring.

    Any luck?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Ok, which configuration should I remove?
    Should I remove all the users from PPTP? Seems that the firewall doesn't want that list empty.
    I tried to just remove myself, disable PPTP, and add myself again, but that did not do the trick.

    Regards
    Andreas
  • Delete them all, change authentication to "RADIUS," Apply and Disable.

    Now, Enable, change to "Local," add the users back in and Enable.

    Any luck?

    Cheers - Bob
     
  • I'm having the same problem.  PPTP had been working fine since v6.  Got a new UTM425 to replace the old ASG220 with an upgrade from v7.5x to 9.x.

    Imported and everything looks just as it did before.  I can make a PPTP connection and get an IP address in the PPTP pool.  However, I can't ping anything (even UTM) nor access any internal resources through RDP even though the RDP rules are still there and look fine.

    I've done the delete/recreate as you suggested and it made no difference.
  • Sounds like it's time for what I call Rule #1 (enhanced):

    Whenever something seems strange, always check the Intrusion Prevention,
    Application Control and Firewall logs.


    Anything helpful in those logs?

    Cheers - Bob
     
  • Thanks Bob.

    As an update, in checking the firewall logs earlier, all of the packets were being blocked as spoofed packets.  I turned Firewall --> Advanced --> Spoof Protection to Off and everything is flowing properly now.

    I see from this thread that others have had the same problem.  https://community.sophos.com/products/unified-threat-management/astaroorg/f/58/t/54327

    Anyone aware of a fix for this so that I can enable spoof protection again?

    Thanks,
    Chris
  • Chris, can you confirm that you're not using the same IP range for the VPN as for "Internal (Network)"?

    Please post a complete line from the Firewall log file, not the Live Log.

    Cheers - Bob
     
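
The address-range check Bob asks for in the last reply can be scripted. This is an added example, not part of the thread and not Sophos code: it reports any VPN pool or statically assigned remote-access address that falls inside a network bound to a local interface. The interface name, pool range and static address in the sample data are constructed; only 192.168.1.10 appears in the thread, and the /24 around it is an assumption.

```python
import ipaddress


def find_overlaps(interface_nets, vpn_pools, static_ips=None):
    """Return (kind, item, interface, interface_net) tuples for every VPN
    pool or static VPN address that lies inside a local interface network."""
    local = {name: ipaddress.ip_network(cidr, strict=False)
             for name, cidr in interface_nets.items()}
    findings = []

    # A pool conflicts if any part of it overlaps a local network.
    for label, cidr in vpn_pools.items():
        pool = ipaddress.ip_network(cidr, strict=False)
        for name, net in local.items():
            if pool.version == net.version and pool.overlaps(net):
                findings.append(("pool", f"{label} {pool}", name, str(net)))

    # A static per-user address conflicts if it sits inside a local network.
    for user, addr in (static_ips or {}).items():
        ip = ipaddress.ip_address(addr)
        for name, net in local.items():
            if ip in net:
                findings.append(("static", f"{user} {ip}", name, str(net)))
    return findings


# Constructed sample data (assumptions, not values from the thread).
INTERFACES = {"Internal": "192.168.1.0/24"}       # assumed LAN around 192.168.1.10
POOLS = {"VPN Pool (PPTP)": "10.242.1.0/24"}      # constructed pool range
STATIC = {"andreas": "192.168.1.200"}             # constructed static assignment

if __name__ == "__main__":
    for kind, item, iface, net in find_overlaps(INTERFACES, POOLS, STATIC):
        print(f"{kind}: {item} is inside {iface} ({net})")
```

With the sample data, the separate pool is clean and only the static address inside the LAN segment is reported, which matches the ASG6-era setup described in the first post.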