This discussion has been locked.

Setting up PPTP rules and NAT

I'm pretty new to Sophos Firewalls and need some basic help to set up PPTP VPN.
The last Firewalls I worked with were years ago, on IPCOP and M0n0wall based Systems, so very obsolete these days...

I already got SSL VPN working, because the "How to" was really detailed.

Now I need PPTP to let Clients connect to a specific Server.
To set up the Server I followed these instructions: community.sophos.com/.../125662
On other Systems I needed a NAT and rules to bypass the PPTP traffic and I'm a bit overwhelmed with all these options :D
so I tried to get some input from here, but didn't find such basic info.

Maybe someone could teach me this basic knowledge, and sorry for this maybe dumb question.

System:
Sophos XG106 running SFOS 18.0.1 MR-1-Build396

If you need further information just ask

Cheers John



  • Hi  

    Are you looking for end client system settings to connect to the PPTP server? The KBA below will be helpful.

    https://community.sophos.com/kb/en-us/125372

    Regards,

    Vishal Ranpariya
    Technical Account Manager | Global Customer Experience

    Sophos Support Videos | Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question, use the 'Verify Answer' link.

    • Hi  

      Thanks for your response, but it's not the client-side configuration; that works fine.

      I just need to know how to set up the correct NAT and Rules, to make the PPTP communication via Sophos work.

      What I did is enable PPTP; for "assign IP from*" I filled in an IP address range of my local subnet (should I make a separate internal range, like for SSL VPN?),
      and as primary DNS server I took Google (8.8.8.8).

      I made a PPTP Usergroup (about 50 Users) with unlimited Internet access and PPTP Enabled, Login restriction: Any node

      I already set up the services (PPTP>TCP1723 and GRE) as a group and made a
      Inbound Rule: WAN,Any host > to > LAN,Local subnet > for > PPTP_GROUP
      Outbound Rule: LAN, Any > to > WAN, Any > for > PPTP_GROUP
      DNAT: Source: Any Host, Service: PPTP_GROUP, Destination: External IP -- Source: Original, Service: Original, Destination: Internal Server IP -- Inbound: Any Interface, Outbound: Any Interface

      Should I make another Rule with SNAT Source and as "Translated Source" the internal Server?

      With the old Firewalls there was only NAT.

      And do I need further Rules for the Usergroup, or do they have Access via PPTP Port in my PPTP_Group?

      Sorry I feel just a bit lost :)

      Regards John

      • Hi  

        To make it simpler, I am summarizing the details below:

        PPTP will be either in split tunnel or full tunnel.

        1) Split tunnel: 2 rules needed on FW: a) LAN to VPN (no NAT needed) and b) VPN to LAN (with NAT action MASQ)

        2) Full tunnel: 3 rules needed on FW: a) and b) as per above, plus c) VPN to WAN (with NAT action MASQ) ==> for Internet traffic from the end VPN machine.

        Regards,

        Vishal Ranpariya
        Technical Account Manager | Global Customer Experience

        • Hi  

          I'll try that!

          But for my understanding, I can just choose "VPN" as "Source" or "Destination"
          and don't have to create the PPTP 1723 Port as Service and Group it with GRE?

          Regards John