|
Posted by on September 7, 2005, 11:04 am
If you were Registered and logged in, you could reply and use other advanced thread options
I'm fairly new to routing, so any help would be greatly appreciated.
Network is configured as follows:
Inside Network -> Watchguard Firewall -> Cisco 1721 -> Internet
I need to setup VPN access using a Windows server, on our inside
network (10.10.1.0). All NAT is done through the Firewall, and then
routed to the 1721. We have a range of public IP addresses we can use.
I've set up VPN on the server, and setup a port forwarding on the
firewall for 1723 to our server (10.10.1.254).
What I need help on is this: What do I need to do now so that somebody
attempting to connect from outside has the VPN connection route to the
server?
If I understand correctly, I need to have the 1721 route any traffic
using port 1723 to our Firewall public IP, which would then forward
that traffic to server using the internal address. I had thought about
forwarding only a specific IP address to the firewall address, but I
can't tell which IP addresses the firewall is using when it NATs, so I
think it needs to be on a port or protocol basis.
If this is correct, how would this be done on the 1721? I understand
the basics of navigating IOS, but I don't know the correct way to
implement it (or even if what I'm thinking is correct).
Thanks,
J
|
|
Posted by Walter Roberson on September 7, 2005, 7:07 pm
If you were Registered and logged in, you could reply and use other advanced thread options
:Network is configured as follows:
:Inside Network -> Watchguard Firewall -> Cisco 1721 -> Internet
:I need to setup VPN access using a Windows server, on our inside
:network (10.10.1.0). All NAT is done through the Firewall, and then
:routed to the 1721. We have a range of public IP addresses we can use.
:I've set up VPN on the server, and setup a port forwarding on the
:firewall for 1723 to our server (10.10.1.254).
The port 1723 you mention is associated with PPTP, which uses tcp 1723
to set up the connection and then uses IP protocol 47 (GRE) to
transmit the packets. The problem with that is that GRE does not
have "ports" (it isn't TCP or UDP) so you cannot do port forwarding for it.
For information on configuring PPTP pass-thru and NAT support for IOS, see
http://www.cisco.com/warp/public/cc/pd/iosw/iore/iomjre121/prodlit/1065_pp.htm
http://www.cisco.com/warp/public/471/pptp_pat.html
(For the corresponding PIX information see
http://www.cisco.com/warp/public/110/pix_pptp.html )
Depending on the Windows Server version, you might have other VPN
options such as IPSec or L2TP.
--
Oh, to be a Blobel!
|
| Similar Threads | Posted | | Connecting to a PIX firewall using cisco VPM client though a Linksys WAG54G with eth firewall enabled | December 11, 2004, 5:16 pm |
| Is Cisco PIX Application level firewall or Packet level firewall? | October 14, 2005, 11:15 am |
| cisco 1721 dte as a dce | November 10, 2004, 12:27 pm |
| Cisco 1721 help | November 24, 2004, 8:00 pm |
| Cisco 1721 help | November 24, 2004, 8:04 pm |
| cisco 1721 need help | January 3, 2007, 7:10 pm |
| cisco 1721 help | March 23, 2008, 9:19 pm |
| Setting up VPN on a Cisco 1712 | October 20, 2005, 8:47 am |
| Setting bandwidth on a Cisco 837 | January 13, 2006, 5:11 pm |
| req adv: setting cisco 350 AP as repeater | May 11, 2008, 6:36 am |
|
|
Yahoo! 
Google 
Windows Live 
del.icio.us 
digg 
Netscape 
XML site map