Orbi WiFi 7 RBE973
Reply

Forwarding PPTP VPN throughSRX5308

jaycos2237
Follower

Forwarding PPTP VPN throughSRX5308

need to forward PPTP VPN traffic to a Windows server.  TCP and UDP port 1723 is easy.  But, I need to forward GRE protocol 47 and I am not sure how to do it. 

 

I cannot use the Netgear PPTP because of the limitation of assigning IP to the existing VLAN.  Also the 25 connection limit.  And, I cannot use IPSec for other reasons.  PPTP is ideal for us.  And, I would like to avoid a secondary NIC on the Windows server.

 

 

Model: SRX5308|PROSAFE Gigabit Quad WAN SSL & IPSEC VPN Firewall
Message 1 of 3
DaneA
NETGEAR Employee Retired

Re: Forwarding PPTP VPN throughSRX5308

Hi jaycos2237,

 

Welcome to the community! 🙂 

 

GRE is protocol 47.  It is not a port.  Therefore, it cannot be forwarded.  The SRX5308 can pass GRE. 

 

Follow the steps below:

 

1. Ensure that port 1723 is forwarded to the correct PPTP server address.  You may check this by using an online port checker tool.  Click this link.  Just fill-up the required fields (the "Enter IP or host to scan" field will show the WAN IP Address automatically) then click "Scan Port."  If it shows "online/reachable,"  it means that port 1723 is really opened on the SRX5308. 

 

2. Check if double NAT is used and if the device in front of the SRX5308 (on WAN side) is correctly passing the traffic to the SRX5308.  

 

3. On the web-GUI of the SRX5308, go to Monitoring >Firewall Logs & E-mail.  On the Routing Logs section, enable WAN to LAN and LAN to WAN on both the Accepted packets and Dropped packets.  If no logs are generated here when the PPTP client tries to connect, then the PPTP client is not even getting as far as the SRX5308.

 

4. Ensure that the PPTP client is trying to connect to the correct Internet address.  

 

 

Regards,

 

DaneA
NETGEAR Community Team

Message 2 of 3
DaneA
NETGEAR Employee Retired

Re: Forwarding PPTP VPN throughSRX5308

@jaycos2237,

 

I just want to follow-up on this.  Let us know if you have questions.

 

Otherwise, if ever your concern has been addressed or resolved, I encourage you to mark the appropriate reply as the “Accepted Solution” so others can be confident in benefiting from the solution. The NETGEAR Community looks forward to hearing from you and being a helpful resource in the future!

 


Regards,

 

DaneA

NETGEAR Community Team

Message 3 of 3
Discussion stats
  • 2 replies
  • 3743 views
  • 0 kudos
  • 2 in conversation
Announcements