firewall blocking VPN traffic....

[wlandymore]

I am trying to setup a VPN between a RRAS in the intranet and a computer who is external to the domain. All the settings seem okay, but the external computer isn't able to connect to the VPN server.
I tested the VPN internally and it works great, but as soon as I try to get out past the firewall it will shoot it down.

What ports should I have open on the firewall or what configuration changes should I make to it to get it to let traffic through?

 

[ChicagoTechNet]

quoted from

http://www.chicagotech.net

Which ports need to be opened for running VPN

A: PPTP VPN uses TCP Port 1723, IP Protocol 47 (GRE); L2TP: UDP Port 1701; IPSec: Pass IP protocol 50 and 51. Note: 47 is a protocol number and not TCP port. The protocol name is GRE. It'll make a big difference when configuring your firewall or router.




Robert Lin, MS-MVP, MCSE & CNE
Windows, Network, Internet, VPN, Routing and How to at

http://www.ms-mvps.com

 

[wlandymore]

still didn't get it to work.

I'll tell you what I have just so you can see if I'm messing something up...

computer outside domain using DHCP with address 24.222.111.111
trying to setup a PPTP connection with:

computer inside domain acting as server with address:
192.168.111.111 mapped to 24.222.24.111 on firewall

Firewall has:
access-list diaout_acl line 31 permit tcp host 192.168.111.111 any

access-list diaout_acl line 32 permit ip host 192.168.111.111 any

access-list out2in line 1 permit gre any host 24.222.24.111
access-list out2in line 2 permit gre any host 24.222.111.111

access-list dia_acl line 37 permit tcp any host 24.222.24.111 eq www

I believe those are all of the entries related to 24.222.24.111 and 192.168.111.111 (server)

What do I have wrong in the entries??