Wtachguard X700 + PPTP problems! 1

[ilisoft]

Hi Guy's,

I'm getting frustrated. I cannot connect with PPTP to my Firebox X700.

I Activated Remote users + enabled drop mode
I Added some free IP-adresses
I Added my Authenticated users and add them to pptp_users group.

When I try to connect from external site I receive error 678.

Then I tried to add a policy with port 1723 (NAT) to my server.
When I try to connect to a W2K3 server with Routing & Ras enabled, I can't pass Checking Username and Password. I believe I also need IP 47 open to my server. Problems is I'm unable to use NAT and without NAT I recieve error.

I'm really stuck! Some help would help me a lot.

Greetings

 

[coladmin]

are you trying to make a PPTP connection to the firebox or to a Win2k3 server.

 

[pankajchawla]

What kind of logs you get on the traffic monitor in both the cases?

 

[bullens]

I have the same issue that I believe ilisoft is having:- current situation Firebox X700 acting as the firewall in routed mode with a Win2k3 RRAS server behind the firebox since you are unable to NAT protocol 47 (according to the manual) how do you get the firebox to pass protocol 47 through to the RRAS server to the public IP address (aliased) of the external side of the RRAS server???

Any help is most appreciated as I am starting to pull my hair out.

Cheers
Si

 

[pankajchawla]

You need a free public ip available and with that you will do 1-1 nat to the ip of the RRAS server.

For ex
Public External 1.1.1.1/24
/\
/ \
/ \
|------
trusted 2.2.2.1/24
|
|
|
RAS Server 2.2.2.2 GW FB 2.2.2.1


You will nat 1.1.1.2 to 2.2.2.2 in setup>>nat>>advanced>1-1 nat.
then you use predefined packet filter PPTP and set the incoming from any to natted public ip address.

It really works....