Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Microsoft RRAS behind XG135 (VPN Pass-through) not working

Hi,

 

I'm trying to setup a M$ RRAS connection to a server on the LAN behind a XG135 without success!

Have setup a Business application rule using the DNAT template as follows:

after having read this: https://www.reddit.com/r/sophos/comments/7gphny/vpn_passthrough/

but when I try to connect using the M$ vpn client from a machine via the WAN the connection fails.

Have I missed something?

Any help or advice or next steps to resolve appreciated.

BR.



This thread was automatically locked due to age.
Parents Reply
  • Hi Keyur

    Thanks for the steer which helped me fix this issue.

    For completeness and the benefit of others her is what I needed to do to get it working:

    In addition to adding GRE, ESP and L2TP in the Destination & Services -> Services window I also needed to add a custom service (which I called RRAS) as follows:

    After adding the above, saving and re-testing the built-in Microsoft VPN client connects OK.

    Thansk again for your help!

Children
  • On XG Virtual 17.5 this does not work. Tested on RRAS first made sure it was working then put XG in front.

    First of all you do NOT need ESP, GRE or port 1723 for L2VPN, just 500, 4500 and 1701 all UDP.

    service IKE covers the first 2 ports and l2tp the third. But first rule did not work. Then I  made separate rules for each service and BOOM working.

    port 1723 is for PPTP only and may require GRE so i would think you swap out the 2 services but i did not test.