PPTP tunnel SBG 5500A

nans
nans Posts: 6
edited April 2021 in Security

I configured a PPTP tunnel between the win10 client and the SBG 5500A server, the tunnel was created, but there is no ping to the local network.

Comments

  • Bob_C
    Bob_C Posts: 165  Zyxel Employee
    Hello, 

    Assuming you mean that the ping to another host in the SBG's local network does not work, I created a PPTP tunnel (the PPTP client's IP address is 10.7.1.33) and I can ping another host (IP address: 192.168.1.2). I tested both Windows 7 and Windows 10 laptops. You may refer to the following image for the screenshot I took on the Win 7 laptop. 

    Please check whether the target host's firewall settings allow ping. One of the feasible ways is to relocate the PPTP VPN client to the SBG's LAN and ping the target host (i.e., the IP address "192.168.1.2" in my case) within the same subnet.




  • nans
    nans Posts: 6
    The firewall on the SBG 5500-A is disabled. Maybe you need to configure the firewall on the SBG 5500-A? If so, how can this be done?
  • nans
    nans Posts: 6

    The SBG 5500-A is configured with a different subnet. How do I configure the SBG 5500-A if a client connects to it from a different subnet? That is, from the WAN interface to the LAN interface.
  • Bob_C
    Bob_C Posts: 165  Zyxel Employee
    (1) What I meant by "firewall settings" was not the SBG5500's firewall settings but the firewall settings of the host you are trying to ping. For example, if the target host you would like to ping is a PC, please check the firewall settings of that PC. I disabled the target host's Windows Firewall so that it would respond to ping; on the other hand, the SBG5500 firewall was enabled. 

    (2-1) "The SBG5500-A is configured with a different subnet" - could you please explain which subnet the subnet shown in the image is different from?

    (2-2) I am not sure what the second question is asking. Was it still about PPTP VPN? Would you like to connect clients which are located separately - one at WAN and the other at LAN - through PPTP VPN?
  • nans
    nans Posts: 6
    (2-2) 
    Yes, we want to connect a client from the WAN (the WAN subnet is different from the local subnet) to the local network.
  • Bob_C
    Bob_C Posts: 165  Zyxel Employee
    Hi, 

    It depends on the services you would like to access on the LAN. 
    Could you please let me know what kind of services you would like to access? Maybe I can help you with the corresponding settings they require. 

    As for me, I set up a laptop running a light HTTP server on the SBG's LAN, and I configured a port forwarding rule and a firewall exception on the SBG5500 correspondingly. 
    From the WAN side, I can access the HTTP server. 
    If I set up the PPTP server, I can both access the HTTP server and ping the laptop which is running the server. 
    In short, I think you should be able to access the services from WAN to LAN with some settings.
  • nans
    nans Posts: 6
    Good afternoon! That's correct. Please send me the port forwarding rule settings and the firewall exception on the SBG5500.
  • nans
    nans Posts: 6

    Good afternoon! That's right, I ask you to send the setting of the port forwarding rule and the firewall exception on the SBG5500.
  • Bob_C
    Bob_C Posts: 165  Zyxel Employee
    For example, I would like to set up access to my HTTP server. 
    (1) Go to the port forwarding page (Configuration > NAT > Port Forwarding). 
    (2) Configure a new rule. 
    - Enable the service 
    - Enable "Add Exception to Firewall"
    - Name the service.
    - Protocol: TCP/UDP (to make it simple)
    - Select which WAN interface the traffic is coming in/going out (please adjust the selection in order to fit your scenario).
    - Fill in the external port number. In my example it is 8888 (please adjust the selection in order to fit your scenario).
    - Fill in the internal port number. In my example it is 8888 (please adjust the selection in order to fit your scenario).
    - The IP address of the HTTP server is "192.168.1.3" (please adjust the selection in order to fit your scenario). 
    (3) Apply the settings.


    For the port number, it is suggested to use a port number which is larger than 10000 because it may have fewer conflicts with other services. 
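
One way to verify the forwarding rule and firewall exception described in the thread, as an added example that is not part of any post or of Zyxel's documentation: probe the forwarded TCP port once from the LAN and once from the WAN side, then combine the two results. The function names are hypothetical, the example checks TCP only, and the readings in `diagnose` are general TCP behaviour, not documented SBG5500 semantics.

```python
"""Added example: check a TCP port forward from two vantage points."""
import socket
import sys


def probe_tcp(host, port, timeout=3.0):
    """Return 'open', 'refused', 'filtered' or 'unreachable' for one TCP connect."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"         # handshake completed, a service is listening
    except ConnectionRefusedError:
        return "refused"          # a reset came back: host reached, port closed
    except socket.timeout:
        return "filtered"         # silence: the packet was dropped on the path
    except OSError:
        return "unreachable"      # no route, unresolvable name or ICMP error


def diagnose(lan_result, wan_result):
    """Combine the LAN-side and WAN-side probe results into a next step.

    Assumption: these readings follow general TCP behaviour; how the SBG5500
    answers unmatched traffic is not stated in the thread.
    """
    if lan_result != "open":
        return "LAN: fix the server or its host firewall before touching the SBG"
    if wan_result == "open":
        return "OK: forwarding rule and firewall exception pass traffic"
    if wan_result == "filtered":
        return ("WAN: dropped before the server; check that the rule is enabled, "
                "the WAN interface selection and 'Add Exception to Firewall'")
    if wan_result == "refused":
        return "WAN: reset received; check external/internal port and server IP"
    return "WAN: address not reachable; check the WAN IP you are probing"


if __name__ == "__main__":
    # Usage: python check_forward.py <host> <port>
    # Run once on the LAN against 192.168.1.3 8888 (values from the post above),
    # then once from outside against the SBG's WAN address and the external port.
    if len(sys.argv) != 3:
        sys.exit("usage: check_forward.py <host> <port>")
    target, tcp_port = sys.argv[1], int(sys.argv[2])
    print(target, tcp_port, probe_tcp(target, tcp_port))
```

Feed the two printed results to `diagnose(lan_result, wan_result)` to get the next thing to check.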
