Author Topic: VPN Issue about DFL-800  (Read 7141 times)

EUCC

  • Level 1 Member
  • *
  • Posts: 9
VPN Issue about DFL-800
« on: June 25, 2009, 02:52:28 AM »

Hello, I have a problem with a new DFL-800 I need to configure.

In our network, the server which gives access to Internet has an ISA Server firewall. Between the server and the router I placed the Firewall DFL-800. Some employees of the network need to access through a VPN, and here comes the problem:

There has to be some rule in the DFL that I need to put on but I can't find which. I've tried a lot of configurations but none seems to work. With the firewall on, the VPN connection keeps trying to connect, but never gets to it. If I take the DFL out, and connect the server directly to the router, everything works great.

It may seem silly, having two firewalls one behind the other. But there are company's internal reasons for this.



Fatman

  • Level 9 Member
  • ****
  • Posts: 1675
Re: VPN Issue about DFL-800
« Reply #1 on: June 25, 2009, 08:09:04 AM »

I don't mind two firewalls right after the other (old style DMZ networks required it), but I do want to know if you are performing NAT twice which would be an issue.

As for VPN passthrough (which should only be an issue if you are NAT'ing at the DFL-800) add the below rules.  This is from first thing in the morning memory, so give her a shot and tell me how it works.

Action: NAT
Service: ipsec-suite
Source Interface: LAN
Source Network: LAN-Nets
Destination Interface: WAN
Destination Network: All-Nets

Action: NAT
Service: ipsec-suite
Source Interface: WAN
Source Network: All-Nets
Destination Interface: LAN
Destination Network: LAN-Nets
non progredi est regredi

EUCC

  • Level 1 Member
  • *
  • Posts: 9
Re: VPN Issue about DFL-800
« Reply #2 on: July 29, 2009, 12:03:20 AM »

I finally got it: I added a new rule from LAN to WAN with the service pptp-suite. Thanks for the help!

nickname778

  • Level 1 Member
  • *
  • Posts: 1
Re: VPN Issue about DFL-800
« Reply #3 on: November 18, 2010, 04:22:50 AM »

Hi, I'm having a similar problem - I'm behind a DFL-800 firewall and I'm trying to create a VPN to another place using the simple Windows based VPN tool. I've added the rules above but it looks like it doesn't help - when the user tries to connect to the VPN it gets stuck on Verifying username and password and after 15-20 seconds crashes with Error 721: The remote computer did not respond. This is what happens in the firewall logs:


18-11-2010   14:17:02   Local0.Warning   XXX.XX.XXX.XXX   [2010-11-18 14:16:15] FW: RULE: prio=3 id=06000051 rev=1 event=ruleset_drop_packet action=drop rule=Default_Rule recvif=LAN srcip=XXX.XX.XXX.XX destip=XXX.XXX.XXX ipproto=GRE ipdatalen=37
18-11-2010   14:17:03   Local0.Warning   XXX.XXX.XXX.XXX   [2010-11-18 14:16:17] FW: RULE: prio=3 id=06000051 rev=1 event=ruleset_drop_packet action=drop rule=Default_Rule recvif=LAN srcip=XXX.XXX.XXX.XXX destip=224.0.0.5 ipproto=OSPFIGP ipdatalen=44
18-11-2010   14:17:04   Local0.Warning   XXX.XXX.XXX.XXX   [2010-11-18 14:16:17] FW: RULE: prio=3 id=06000051 rev=1 event=ruleset_drop_packet action=drop rule=Default_Rule recvif=LAN srcip=XXX.XXX.XXX.XXX destip=XXX.XXX.XXX.XXX ipproto=GRE ipdatalen=37
18-11-2010   14:17:07   Local0.Warning   XXX.XXX.XXX.XXX   [2010-11-18 14:16:20] FW: RULE: prio=3 id=06000051 rev=1 event=ruleset_drop_packet action=drop rule=Default_Rule recvif=LAN srcip=XXX.XXX.XXX.XXX destip=XXX.XXX.XXX.XXX ipproto=GRE ipdatalen=37
18-11-2010   14:17:11   Local0.Warning   XXX.XXX.XXX   [2010-11-18 14:16:24] FW: RULE: prio=3 id=06000051 rev=1 event=ruleset_drop_packet action=drop rule=Default_Rule recvif=LAN srcip=XXX.XXX.XXX.XXX destip=XXX.XXX.XXX.XXX ipproto=GRE ipdatalen=37
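One way to read the firewall log in the post above, as an added example that is not part of the original thread: PPTP carries its tunnelled traffic in GRE (IP protocol 47) next to the TCP 1723 control channel, so repeated GRE drops by Default_Rule on recvif=LAN mean no rule is letting the data channel out. The sample lines are constructed in the log format shown above with documentation-range addresses, and the function names are illustrative.

```python
import re
from collections import Counter

# Constructed sample in the format of the DFL-800 log lines above; the
# addresses are documentation-range placeholders, not values from the thread.
SAMPLE_LOG = """\
18-11-2010 14:17:02 Local0.Warning 192.0.2.1 [2010-11-18 14:16:15] FW: RULE: prio=3 id=06000051 rev=1 event=ruleset_drop_packet action=drop rule=Default_Rule recvif=LAN srcip=192.0.2.10 destip=198.51.100.7 ipproto=GRE ipdatalen=37
18-11-2010 14:17:03 Local0.Warning 192.0.2.1 [2010-11-18 14:16:17] FW: RULE: prio=3 id=06000051 rev=1 event=ruleset_drop_packet action=drop rule=Default_Rule recvif=LAN srcip=192.0.2.20 destip=224.0.0.5 ipproto=OSPFIGP ipdatalen=44
18-11-2010 14:17:04 Local0.Warning 192.0.2.1 [2010-11-18 14:16:17] FW: RULE: prio=3 id=06000051 rev=1 event=ruleset_drop_packet action=drop rule=Default_Rule recvif=LAN srcip=192.0.2.10 destip=198.51.100.7 ipproto=GRE ipdatalen=37
18-11-2010 14:17:07 Local0.Warning 192.0.2.1 [2010-11-18 14:16:20] FW: RULE: prio=3 id=06000051 rev=1 event=ruleset_drop_packet action=drop rule=Default_Rule recvif=LAN srcip=192.0.2.10 destip=198.51.100.7 ipproto=GRE ipdatalen=37
"""

KV = re.compile(r"(\w+)=(\S+)")

def parse_line(line):
    """Return the key=value fields of one firewall log line as a dict."""
    return dict(KV.findall(line))

def drop_events(log_text):
    """Yield parsed fields for every ruleset_drop_packet event."""
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields.get("event") == "ruleset_drop_packet":
            yield fields

def drops_by_protocol(log_text):
    """Count dropped packets per (rule, receiving interface, IP protocol)."""
    return Counter(
        (f.get("rule"), f.get("recvif"), f.get("ipproto"))
        for f in drop_events(log_text)
    )

def blocked_gre_flows(log_text):
    """Distinct (recvif, srcip, destip) flows whose GRE packets were dropped."""
    return sorted({
        (f.get("recvif"), f.get("srcip"), f.get("destip"))
        for f in drop_events(log_text)
        if f.get("ipproto") == "GRE"
    })

if __name__ == "__main__":
    for key, count in drops_by_protocol(SAMPLE_LOG).most_common():
        print(count, *key)
    for recvif, src, dst in blocked_gre_flows(SAMPLE_LOG):
        print(f"GRE blocked on {recvif}: {src} -> {dst} (PPTP data channel)")
```

The OSPFIGP multicast drop is counted separately, which keeps unrelated routing noise from being mistaken for part of the VPN failure.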