VPN Help


Lee

I have set up an RRAS server behind my PIX 515. I have
added all of the components to the PIX to allow my VPN
server to function, however when I try to connect to it I
get an error 769: the specified destination is not
reachable. I have tried everything that I know to
do... anyone have any ideas?
 
Not really enough info to say. A simple diagram with IP numbers would
help.

If the RRAS server has a public IP on its "external" interface, can you
ping it from the client? If it has a private IP and you are forwarding VPN
traffic from the PIX, does this happen when you try to connect using the
PIX's public IP?

The IP address you try to connect to must be reachable through the
Internet.
 
Bill,

Thanks for responding to my post. Okay, I have the server
set up with an internal IP address but I have created a
static route through my firewall to it and I can ping it
from the firewall. I have set up a similar scenario with a
terminal server and it is working fine. Let me ask you
this: does a certificate authority need to be installed for
the VPN server to resolve client requests?

Lee Goldstein
 
You cannot ping or connect to private IP addresses through the Internet.
Private IPs are not routed through the Internet because they are not unique.
Internet routers discard packets with private IPs. That is why you use VPN.
It encrypts and then encapsulates the privately addressed packets inside an IP
packet with a public address.

You will need to connect to the firewall's public IP and use port
forwarding to get the VPN traffic to the server on the private LAN.

You only need certificates if you are using L2TP and IPSec. They are not
required for PPTP.
 
If you are using PPTP, you might also make sure that the
PIX is forwarding GRE traffic as well. It is protocol 47
(like TCP is protocol 6 and UDP is protocol 17).
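
The checks suggested in the replies above, written as an added example that is not part of the original thread: it audits a list of firewall forwarding rules for the three conditions discussed (client dials a public address, PPTP control traffic is forwarded, GRE is forwarded). The rule format, addresses and function name are hypothetical, and TCP port 1723 for the PPTP control channel is standard PPTP behaviour rather than something stated in the thread.

```python
import ipaddress

# IP protocol numbers as given in the thread.
PROTO = {"tcp": 6, "udp": 17, "gre": 47}
# Standard PPTP control port (assumption: not stated in the thread).
PPTP_CONTROL_PORT = 1723
# RFC 1918 private ranges, which Internet routers do not carry.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_pptp_path(client_target, rules, vpn_server):
    """Return the problems that would stop a PPTP client from connecting.

    client_target: address the VPN client dials
    rules: forwarding rules, each {"proto": int, "port": int|None, "to": str}
    vpn_server: private address of the RRAS server behind the firewall
    """
    problems = []
    target = ipaddress.ip_address(client_target)
    if any(target in net for net in RFC1918):
        problems.append("client dials a private address; "
                        "use the firewall's public IP")

    def forwarded(proto, port=None):
        return any(r["proto"] == PROTO[proto] and r.get("port") == port
                   and r["to"] == vpn_server for r in rules)

    if not forwarded("tcp", PPTP_CONTROL_PORT):
        problems.append("TCP 1723 (PPTP control) not forwarded to VPN server")
    if not forwarded("gre"):
        problems.append("GRE (IP protocol 47) not forwarded to VPN server")
    return problems


# Constructed sample data: documentation addresses and hypothetical rules.
RRAS = "192.168.1.10"
PUBLIC = "203.0.113.5"
RULES_TCP_ONLY = [{"proto": 6, "port": 1723, "to": RRAS},
                  {"proto": 6, "port": 3389, "to": "192.168.1.20"}]
RULES_FULL = RULES_TCP_ONLY + [{"proto": 47, "port": None, "to": RRAS}]

if __name__ == "__main__":
    for label, target, rules in [("dial private IP", RRAS, RULES_TCP_ONLY),
                                 ("TCP forward only", PUBLIC, RULES_TCP_ONLY),
                                 ("TCP + GRE", PUBLIC, RULES_FULL)]:
        print(label, "->", check_pptp_path(target, rules, RRAS) or "ok")
```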
 