03-07-2012 04:03 AM
I want to pass my client VPN request to MS Win Server 2003. On the FW I forwarded the port for the PPTP service to my server address, but on the client side I get error 619. On the Cisco RV120W I have a Site-to-Site VPN tunnel which works fine; the PPTP server on the Cisco is disabled. What should I do to pass the VPN request to my LAN server to handle it?
03-07-2012 08:24 AM
Murko,
First, you want to make yourself a custom service for PPTP (1723); next, you will want to make the rule in your ACL and not in the forwarding range, as we have found a few bugs when setting up port forwarding under port forwarding.
Internet NAT redirection does not work using firewall port-forwarding rules.
• Description—A LAN client cannot access a service by using the WAN IP address of the LAN device (such as an IP camera or an FTP server).
• Work Around—Enable access to the service by creating a firewall access rule on the Firewall > Access Rules page. After clicking Add to add a rule, make the following selections:
- Connection Type—Inbound (WAN (Internet) > LAN (Local Network))
- Action—Always Allow
- Service—Specify HTTP for web server or, if the service uses a custom port, you can add it.
- Send to Local Server (DNAT IP)—Enter the internal IP address of the server.
- Make sure the Rule Status is set to Enabled and save the settings.
After this you will be able to access the server via FQDN from both internal and external hosts. Note that it is not necessary to create a port forwarding rule; when applying the access rule, the router creates the corresponding port forward.
Thanks,
Jasbryan
03-07-2012 09:05 AM
Hi Jasbryan.
Thank you for your quick response. I did it as you described in your reply, but I still get the 619 error...
03-07-2012 09:31 AM
Murko,
Call into the support center and have the next available engineer take a look at your configuration and start troubleshooting. Possibly the PPTP server on the router could be interfering with your PPTP server. (All support Numbers)
Jasbryan
03-08-2012 05:01 AM
Thank you for your reply. I did contact the support center - the issue is reported as a bug, but the recommended workaround also doesn't work.
Matjaž