PPTP Server Access Through The FirewallPPTP Server Access Through The FirewallOn The On The SureConnect SureConnect 90039003

rockyboygangNetworking and Communications

Oct 24, 2013 (4 years and 19 days ago)

89 views

PPTP Server Access Through The
Firewall

PPTP Server Access Through The
Firewall

On The
On The

SureConnect
SureConnect
9003

9003

ISP
ISP
ISP
ATM
ATM
Internet
Internet
DSLAM
DSLAM
Network
Network
SureConnect
SureConnect

9003


9003

PPTP Server

PPTP Server

Private IP: 192.168.1

Private IP: 192.168.1

Ethernet

Ethernet

.3
Mask: 255.255.255.0

.3
Mask: 255.255.255.0

IP:192.168.1.1

IP:192.168.1.1

Mask:255.255.255.0

Mask:255.255.255.0

Default Gateway: 192.168.1.1

Default Gateway: 192.168.1.1

WAN Interface

WAN Interface

Public IP: 68.72.93.202

Public IP: 68.72.93.202

PPPoE

PPPoE

VCMUX Encapsulation
VCMUX Encapsulation
VPI 0 VCI 35

VPI 0 VCI 35

PPP0

PPP0

PPTP Client
PPTP Client


U.S. Robotics SureConnect 9003 ADSL Ethernet/USB Router
Firmware Version 20021029



Setup steps for configuring the Firewall and NAT
on the SureConnect 9003 to support a PPTP
Server on the LAN

This document is the steps required for configuring the SureConnect 9003 to support:
1. PPTP Server attached to Ethernet 1 with the ability to accept connections of a
remote PPTP Client.
2. NAT
3. Firewall
These steps are from the factory default configuration on the SureConnect 9003. These
steps reference the above network configuration drawing and were tested for code
20021029 on the SureConnect 9003.

For this example PPPoE was used for the WAN protocol. Other WAN protocols can be
substituted for PPPoE. It is recommended that in this environment that your ISP assign a
static IP address to the link to support easy call setup from a client. Because NAT is
being used the client will setup the call to the Public WAN IP address.

Note: For initial installation and local management access please refer to the Installation
Guide provided with the SureConnect 9003.
Application Note
Introduction


WAN Setup

When selecting Service Provider Settings->WAN Setup you will be presented the
following screen:


These show the factory default setting for a SureConnect 9003.

Setup
The following steps are required to configure WAN Setup for the SureConnect 9003 for
the example drawing:
1. Select the PPPoA PVC in the Current ATM PVC List and select Delete.
2. Under WAN Setup select PPPoE and enter the Username, Password and
Authentication type.
3. Enter the proper VPI and VCI (i.e. for this example the VPI of 0 the VCI of 35
will be used).
4. Select the Encapsulation Mode (i.e. for this example the Encapsulation Mode is
LLC/SNAP).
5. Under Network Settings check Enable NAPT and Enable DHCP.
6. Select Add to enter this PVC into the Current ATM PVC List.

Example of filled in screen.



Setup of NAT

The following configuration will allow the Public IP address to be mapped to the Private
IP address of the PPTP Server. Go to Firewall->NAT->Static Nat Mapping. You will
be presented the following screen:


Select Add. You will be presented the following screen:


Enter the Private IP address (for this example 192.168.1.3) to be mapped to the Public IP
address (for this example 68.72.93.202).


Select Apply. Once complete the List Static NAT Configuration will look like this.


Firewall Configuration

To allow connections from the Internet to the Public IP address (which is mapped to the
Private IP address of the PPTP Server), the firewall needs to be configured to accept the
connection. Two types of connections need to be configured:
1. The PPTP connection to port 1723 of the WAN
2. The GRE protocol for PPTP tunnels to be established

Setup of the Firewall IP Filtering

When selecting Firewall -> IP Filtering you will be presented the following screen.


To add the policies to support the PPTP connection to port 1723 of the on the
SureConnect 9003 you need to click the Add button. You will be presented the following
screen.

You will need to fill in the following information:
1. Precedence number. This number needs to be lower then any existing Precedence
number so it takes effect first (i.e. 10000 will take precedence over 29000).
2. Dest Port should be set to 1723.
3. Protocol should be set to TCP.
4. Interface name should be set to PPP0.
5. All other settings stay at default.

Example of filled in screen.


Once complete with the above steps, select Apply.
To add the policies to support the GRE PPTP tunnels that will be established on the
SureConnect 9003 you need to add a Firewall Policy with the following attributes:
1. Precedence number. This number needs to be lower then any existing Precedence
number so it takes effect first (i.e. 10000 will take precedence over 29000).
2. Protocol should be set to GRE.
3. Interface name should be set to PPP0.
4. All other settings stay at default.

Example of filled in screen.


Once complete with the above steps, select Apply.
Once complete the Firewall IP Filtering-List of Firewall Policies should look like this.


Remember to Save all configurations by going to
Tools->Save and Restart!