Firewall Wizards mailing list archives
Re: Windows VPN/RRAS traffic through watchguard
From: Chuck Swiger <chuck () codefab com>
Date: Wed, 31 Aug 2005 20:02:11 -0400
Danny wrote:
Now, a VPN "connection" is established from the Internet into the ISA server without a problem, however VPN traffic through the tunnel does not work most of the time. It's inconsistent but primarily does not work. So, now I try without the Watchguard in the picture, and the tunnel carries traffic just fine - as it should. Has anyone ever experience such a problem?
Are you using NAT? If so, you'll need to use a UDP-based system, and/or assign unique TCP port numbers to each distinct connection. Otherwise, you'll probably be limited to only having one VPN session active at a time.
Are you passing GRE through? I recently had to deal with a similar situation involving Cisco's VPN hardware and their VPN client, and the following helps:
redirect_proto gre routerIP redirect_port udp routerIP:500 500 redirect_port udp routerIP:4500 4500 redirect_port udp routerIP:62515 62515 redirect_port tcp routerIP:10000 10000 redirect_port tcp routerIP:pptp pptp Replace routerIP with your ISA server's IP. YMMV. -- -Chuck _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Windows VPN/RRAS traffic through watchguard Danny (Aug 31)
- Re: Windows VPN/RRAS traffic through watchguard Chuck Swiger (Aug 31)