Solved: VPN client passthrough to Windows Server 2003 - Cisco RV120W

matjaz.murko · ‎03-07-2012

I want to pass my client VPN request to MS Win Server 2003 - on FW I forwarded port for PPTP service to my server address, but on client side I get an error 619. On Cisco RV120W I have Site-to-Site VPN tunnel which works fine, PPTP server on Cisco is disabled. What should I do to pass VPN request to my LAN server to handle it?

jasbryan · ‎03-07-2012

Murko,

First you want to make yourself a custom service of PPTP(1723) next you will want to make the rule in your ACL and not in the forwarding range. As we have found a few bugs when setting up port fowarding under port forwarding.

Internet NAT redirection does not work using firewall port-forwarding rules.

• Description—A LAN client cannot access a service by using the WAN IP

address of the LAN device (such as an IP camera or an FTP server).

• Work Around—Enable access to the service by creating a firewall access

rule on the Firewall > Access Rules page. After clicking Add to add a rule,

make the following selections:

- Connection Type—Inbound (WAN (Internet > LAN (Local Network)

- Action—Always Allow

- Service—Specify HTTP for web server or, if the service uses a custom

port, you can add it.

- Send to Local Server (DNAT IP)—Enter the internal IP address of the

server.

- Make sure the Rule Status is set to Enabled and save the settings.

After this you will be able to access the server via FQDN from both

Internal and external hosts. Note that it is not necessary to create a port

Forwarding rule; when applying the access rule, the router creates the

Corresponding port forward. Internet NAT redirection does not work using firewall port-forwarding rules.
• Description—A LAN client cannot access a service by using the WAN IP
address of the LAN device (such as an IP camera or an FTP server).
• Work Around—Enable access to the service by creating a firewall access
rule on the Firewall > Access Rules page. After clicking Add to add a rule,
make the following selections:
- Connection Type—Inbound (WAN (Internet > LAN (Local Network)
- Action—Always Allow
- Service—Specify HTTP for web server or, if the service uses a custom
port, you can add it.
- Send to Local Server (DNAT IP)—Enter the internal IP address of the
server.
- Make sure the Rule Status is set to Enabled and save the settings.
After this you will be able to access the server via FQDN from both
internal and external hosts. Note that it is not necessary to create a port
forwarding rule; when applying the access rule, the router creates the
corresponding port forward.

Full Release notes

Thanks,

Jasbryan

View solution in original post

jasbryan · ‎03-07-2012

Murko,

First you want to make yourself a custom service of PPTP(1723) next you will want to make the rule in your ACL and not in the forwarding range. As we have found a few bugs when setting up port fowarding under port forwarding.

Internet NAT redirection does not work using firewall port-forwarding rules.

• Description—A LAN client cannot access a service by using the WAN IP

address of the LAN device (such as an IP camera or an FTP server).

• Work Around—Enable access to the service by creating a firewall access

rule on the Firewall > Access Rules page. After clicking Add to add a rule,

make the following selections:

- Connection Type—Inbound (WAN (Internet > LAN (Local Network)

- Action—Always Allow

- Service—Specify HTTP for web server or, if the service uses a custom

port, you can add it.

- Send to Local Server (DNAT IP)—Enter the internal IP address of the

server.

- Make sure the Rule Status is set to Enabled and save the settings.

After this you will be able to access the server via FQDN from both

Internal and external hosts. Note that it is not necessary to create a port

Forwarding rule; when applying the access rule, the router creates the

Corresponding port forward. Internet NAT redirection does not work using firewall port-forwarding rules.
• Description—A LAN client cannot access a service by using the WAN IP
address of the LAN device (such as an IP camera or an FTP server).
• Work Around—Enable access to the service by creating a firewall access
rule on the Firewall > Access Rules page. After clicking Add to add a rule,
make the following selections:
- Connection Type—Inbound (WAN (Internet > LAN (Local Network)
- Action—Always Allow
- Service—Specify HTTP for web server or, if the service uses a custom
port, you can add it.
- Send to Local Server (DNAT IP)—Enter the internal IP address of the
server.
- Make sure the Rule Status is set to Enabled and save the settings.
After this you will be able to access the server via FQDN from both
internal and external hosts. Note that it is not necessary to create a port
forwarding rule; when applying the access rule, the router creates the
corresponding port forward.

Full Release notes

Thanks,

Jasbryan

matjaz.murko · ‎03-07-2012

Hi Jasbryan.

Thank you for your quick response. I did it as you described in your reply, but I still get the 619 error...

jasbryan · ‎03-07-2012

Murko,

Call into the support center and have the next available engineer take a look at your configuration and start trouble shooting. Possibly the PPTP server on the router could be interfering with your PPTP server. (All support Numbers)

Jasbryan

matjaz.murko · ‎03-08-2012

Thank you for your reply. I did contact the support center - the issue is reported as a bug, but recomeded workaround also doesn't work.

Matjaž