VPN client passthrough to Windows Server 2003 - Cisco RV120W

Answered Question
Mar 7th, 2012

I want to pass my client VPN request to MS Win Server 2003. On the FW I forwarded the port for the PPTP service to my server address, but on the client side I get error 619. On the Cisco RV120W I have a Site-to-Site VPN tunnel which works fine; the PPTP server on the Cisco is disabled. What should I do to pass the VPN request to my LAN server to handle it?

Correct Answer
jasbryan Wed, 03/07/2012 - 08:24

Murko,

First you want to make yourself a custom service for PPTP (1723); next you will want to make the rule in your ACL and not in the forwarding range, as we have found a few bugs when setting up port forwarding under port forwarding.

Internet NAT redirection does not work using firewall port-forwarding rules.

• Description—A LAN client cannot access a service by using the WAN IP address of the LAN device (such as an IP camera or an FTP server).

• Work Around—Enable access to the service by creating a firewall access rule on the Firewall > Access Rules page. After clicking Add to add a rule, make the following selections:

- Connection Type—Inbound (WAN (Internet) > LAN (Local Network))
- Action—Always Allow
- Service—Specify HTTP for web server or, if the service uses a custom port, you can add it.
- Send to Local Server (DNAT IP)—Enter the internal IP address of the server.
- Make sure the Rule Status is set to Enabled and save the settings.

After this you will be able to access the server via FQDN from both internal and external hosts. Note that it is not necessary to create a port forwarding rule; when applying the access rule, the router creates the corresponding port forward.

Full Release notes

Thanks,

  Jasbryan

matjaz.murko@pe... Wed, 03/07/2012 - 09:05

Hi Jasbryan.

Thank you for your quick response. I did it as you described in your reply, but I still get the 619 error...

jasbryan Wed, 03/07/2012 - 09:31

Murko,

Call into the support center and have the next available engineer take a look at your configuration and start troubleshooting. Possibly the PPTP server on the router could be interfering with your PPTP server. (All support Numbers)

Jasbryan

matjaz.murko@pe... Thu, 03/08/2012 - 05:01

Thank you for your reply. I did contact the support center - the issue is reported as a bug, but the recommended workaround also doesn't work.

Matjaž

Posted March 7, 2012 at 4:03 AM