Re: Windows VPN/RRAS traffic through watchguard

[Chuck Swiger <chuck () codefab com>]

Danny wrote:
> Now, a VPN "connection" is established from the Internet into the ISA
> server without a problem, however VPN traffic through the tunnel does
> not work most of the time. It's inconsistent but primarily does not
> work.
>
> So, now I try without the Watchguard in the picture, and the tunnel
> carries traffic just fine - as it should.
>
> Has anyone ever experience such a problem?

Are you using NAT?  If so, you'll need to use a UDP-based system, and/or assign 
unique TCP port numbers to each distinct connection.  Otherwise, you'll 
probably be limited to only having one VPN session active at a time.

Are you passing GRE through?  I recently had to deal with a similar situation 
involving Cisco's VPN hardware and their VPN client, and the following helps:

redirect_proto gre routerIP
redirect_port udp routerIP:500 500
redirect_port udp routerIP:4500 4500
redirect_port udp routerIP:62515 62515
redirect_port tcp routerIP:10000 10000
redirect_port tcp routerIP:pptp pptp

Replace routerIP with your ISA server's IP.  YMMV.

--
-Chuck

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards