6 Replies Latest reply on Apr 13, 2010 4:45 PM by rcamm

    UMT (SnapGear) SG640 NAT question

      Hello,

       

      We want PPTP VPN users to be able to access local file shares on the server, so how do I configure incoming PPTP VPN packets so that their source IP addresses are NAT translated to those of a server on the local network?

       

      I am already forwarding Windows Networking packets using a packet filter just for VPN Interfaces.

       

      If I want to issue IP addresses in the range 10.0.0.1-100, these can't access local file shares on the Windows 2008 server the SG 640 sits in front of.

       

      If I issue IP addresses from the pool of three remaining IP addresses allocated in our subnet, these three VPN clients can access network shares perfectly, but I can only have 3 connected VPN clients and I need many more.

       

      To get this to work, I had to use the undocumented feature of adding the following entries in the options.pptp to force a local WINS and DNS server onto incoming PPTP connections:

       

      ms-dns xxx.xxx.xxx.118
      ms-wins xxx.xxx.xxx.114

       

      Where I have xxx'd out my actual IP addresses.

       

      So what I want to achieve is:

       

      Incoming packet on VPN from IP address 10.0.0.1

      Gets packet filtered, matches as from VPN, is forwarded OK

      Source IP is modified to be from a free IP in the server's subnet

      Windows thinks the packet is coming from the local network

      Sharing works over 10.0.0.1 PPTP VPN connections

       

      I've tried port forwarding, but this doesn't change incoming packets.

      Source NAT seems to only change outgoing packets.

      1 to 1 NAT didn't work.

       

      That leaves a custom firewall rule to NAT the incoming packets to the internal network address, and there are no docs on how to achieve this.

       

      Any advice from the Gurus?

       

       

      on 1/04/10 8:14:50 PM