Re: [fw-wiz] Windows VPN/RRAS traffic through watchguard
From: Chuck Swiger (chuck_at_codefab.com)
Date: 09/01/05
- Previous message: Brenno Hiemstra: "Fwd: [fw-wiz] firewall rule lifecycle management"
- In reply to: Danny: "[fw-wiz] Windows VPN/RRAS traffic through watchguard"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Danny <nocmonkey@gmail.com> Date: Wed, 31 Aug 2005 20:02:11 -0400
Danny wrote:
> Now, a VPN "connection" is established from the Internet into the ISA
> server without a problem, however VPN traffic through the tunnel does
> not work most of the time. It's inconsistent but primarily does not
> work.
>
> So, now I try without the Watchguard in the picture, and the tunnel
> carries traffic just fine - as it should.
>
> Has anyone ever experience such a problem?
Are you using NAT? If so, you'll need to use a UDP-based system, and/or assign
unique TCP port numbers to each distinct connection. Otherwise, you'll
probably be limited to only having one VPN session active at a time.
Are you passing GRE through? I recently had to deal with a similar situation
involving Cisco's VPN hardware and their VPN client, and the following helps:
redirect_proto gre routerIP
redirect_port udp routerIP:500 500
redirect_port udp routerIP:4500 4500
redirect_port udp routerIP:62515 62515
redirect_port tcp routerIP:10000 10000
redirect_port tcp routerIP:pptp pptp
Replace routerIP with your ISA server's IP. YMMV.
-- -Chuck _______________________________________________ firewall-wizards mailing list firewall-wizards@honor.icsalabs.com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Brenno Hiemstra: "Fwd: [fw-wiz] firewall rule lifecycle management"
- In reply to: Danny: "[fw-wiz] Windows VPN/RRAS traffic through watchguard"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
