firewalls with router

  • Question

  • I have a firewall behind a router in my network, and the router is a (small) device facing the internet. Suppose I have a static IP given by the service provider, which is 1.2.3.4, the only live/static IP to use. How and where will I have to configure port forwarding for the IPsec client VPN which is configured on my Server 2008 R2, as VPN clients will need a live/static IP to dial from a remote location? Between the router and my server/LAN there is a firewall, which will also need an IP on its WAN interface...

    Adnan sabir

    Wednesday, April 13, 2016 9:04 AM

Answers

  • You could try GNS3, not Packet Tracer, to simulate what you want.

    Every second counts..make use of it. Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    • Proposed as answer by Wendy Jiang Monday, April 25, 2016 9:01 AM
    • Marked as answer by Yan Li_ Wednesday, May 4, 2016 1:27 AM
    Wednesday, April 20, 2016 3:25 AM

All replies

  • You should port forward on the device(s) that is doing the public to private address translation.

     Might ask more over here.

    https://social.technet.microsoft.com/Forums/windowsserver/en-US/home?forum=winserverPN

     

     


    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server]

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.


    Wednesday, April 13, 2016 11:32 PM
  • You need to configure the forwarding on your frontal equipment which is your router in your case.

    This posting is provided AS IS with no warranties or guarantees , and confers no rights.

    Ahmed MALEK


    Thursday, April 14, 2016 12:39 AM
  • Hi Adnan,
    As Ahmed said, you could configure port forwarding on your router. I would suggest you take a look at the following article on how to forward ports on your router:
    http://www.pcworld.com/article/244314/how_to_forward_ports_on_your_router.html
    Also, according to your description, you need to open ports on the firewalls. Please see the details in:
    Firewalls and Port Forwarding http://dataturbine.org/documentation/network-topology/firewalls-and-port-forwarding/
    Please Note: Since the web sites are not hosted by Microsoft, the links may change without notice. Microsoft does not guarantee the accuracy of this information.
    Regards,
    Wendy


    Friday, April 15, 2016 3:16 AM
  • Check out the link below; you need to configure it in your router.

    If you're using a Cisco device you have to configure it by hand.

    If you're using some sort of un-managed router, most probably there is a GUI web interface and you can do the settings from there.

    VPN Ports to unblock:

    https://blogs.technet.microsoft.com/rrasblog/2006/06/14/which-ports-to-unblock-for-vpn-traffic-to-pass-through/



    Friday, April 15, 2016 6:51 AM
  • OK, I understand that port forwarding is to be done on the router facing the internet, whichever it is. But my Server 2008, on which I want to configure the VPN, is behind a firewall (FortiGate). The link from the router is supposed to terminate at the WAN interface of the firewall, I guess? For that we need another IP subnet to connect the interfaces of the firewall and router. After that I can use any private IP range. I just want to be clear on how reachability to my VPN server will be achieved...
    Sunday, April 17, 2016 9:23 AM
  • 1. Configure Windows 2008 for VPN 

    2. Fortigate Firewall - do a port forwarding here for the ports needed for VPN

    3. On Fortigate Firewall when you configure the port forwarding - forward the ports to your windows server 2008 IP Address

    4. You don't need an IP subnet or IP Range to configure port forwarding, just the IP Address of the server that handles the VPN.

    5. Other configuration that you need should be configured in your VPN software

    6. If you are not sure of what you are doing, ask someone who has knowledge of it, or you might end up with a hacked server

    7. Understand how VPN works. If the VPN is configured properly, clients connecting via the internet or WAN need VPN client software to connect to your VPN, and of course make sure that there is an authentication method configured on your VPN system.

    Hope that clears..Cheers!



    • Proposed as answer by Wendy Jiang Monday, April 25, 2016 9:00 AM
    Monday, April 18, 2016 12:58 AM
  • OK, I can port forward on the firewall mentioned, but my static IP is on the router (small business) which is in front of the firewall. Will I need to port forward over there as well?

    Monday, April 18, 2016 6:53 AM
  • I can even use the FortiGate for VPN purposes, but I want to use Windows Server. So my topology is: internet >>> router (configured with static IP) >>> FortiGate firewall (connectivity with some IP range will be needed) >>> switch >>> VPN server. So I really want to know how my users, who will have to dial the static live IP, get access to the server... server reachability?


    Monday, April 18, 2016 6:59 AM
  • > ok i can port forward on firewall mentioned, but my static ip is on router (small business) which is in front of firewall..will i need to port forward over there as well....

    I'm not sure what the configuration on your router is; you have to check the router configuration.

    If the router does not do any filtering for incoming and outgoing, then you only need to port forward on the firewall. But you might need to configure the router to route the VPN packets to your server.

    Or, once you've done the port forwarding, test it yourself to see if it is working.

    To connect to your VPN, if all is configured properly, connect to the public IP of your firewall.

    If it doesn't work, then a router configuration has to be done.

     

    But I really suggest checking with someone who is familiar with this, because a single mistake can ruin your entire network.

    Please do not depend on us, because there are a lot of things to consider.

    And you don't want to post all of your configuration on a public forum, unless you want your own network to be public also.

    Check with someone locally who is familiar with what you are trying to do.



    • Proposed as answer by Wendy Jiang Monday, April 25, 2016 9:01 AM
    • Unproposed as answer by Wendy Jiang Monday, April 25, 2016 9:01 AM
    Monday, April 18, 2016 7:19 AM
  • > vpn is behind firewall (fortigate)
     
    So we can assume the fortigate does NATting? If it does and the User at
    his remote location uses a NAT router, too, then you cannot establish
    VPN - does not work with dual NAT.
     
     
    • Proposed as answer by Wendy Jiang Monday, April 25, 2016 9:02 AM
    Monday, April 18, 2016 8:44 AM
  • I got your point, to port forward on the firewall. But the WAN/static IP is configured on the router. Will I have to port forward over there as well? There are two devices before my LAN network, so how does port forwarding work?
    Monday, May 16, 2016 12:53 PM
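
The two-hop forwarding this thread asks about, as an added example that is not part of any post: a small Python check that traces the VPN ports through both NAT devices and reports where a forward is missing or where something extra is exposed. It assumes an IPsec-based VPN (L2TP/IPsec or IKEv2) using NAT traversal, which needs UDP 500 and UDP 4500 to reach the server; every address except 1.2.3.4 and all names are constructed.

```python
from typing import NamedTuple

class Rule(NamedTuple):
    proto: str   # "udp" or "tcp"
    port: int    # port accepted on the device's WAN side
    to_ip: str   # inside address the packet is forwarded to

class Device(NamedTuple):
    name: str
    wan_ip: str
    rules: tuple

# Assumption: IKE (UDP 500) and IPsec NAT traversal (ESP wrapped in UDP 4500).
REQUIRED = (("udp", 500), ("udp", 4500))

def trace(chain, proto, port):
    """Follow one inbound packet hop by hop: (final_ip, None) or (None, device_where_it_stops)."""
    dst = chain[0].wan_ip
    for dev in chain:
        rule = next((r for r in dev.rules if (r.proto, r.port) == (proto, port)), None)
        # The packet stops if the previous hop sent it elsewhere or this hop has no forward.
        if dst != dev.wan_ip or rule is None:
            return None, dev.name
        dst = rule.to_ip
    return dst, None

def audit(chain, server_ip):
    """List missing or misdirected VPN forwards, plus forwards the VPN does not need."""
    problems = []
    for proto, port in REQUIRED:
        final, stopped_at = trace(chain, proto, port)
        if stopped_at:
            problems.append(f"{proto}/{port} stops at {stopped_at}")
        elif final != server_ip:
            problems.append(f"{proto}/{port} lands on {final}")
    for dev in chain:
        for r in dev.rules:
            if (r.proto, r.port) not in REQUIRED:
                problems.append(f"{dev.name} also exposes {r.proto}/{r.port}")
    return problems

# Constructed topology: router (WAN 1.2.3.4) -> firewall (WAN 192.168.1.2) -> VPN server.
SERVER = "10.0.0.10"
router = Device("router", "1.2.3.4", (Rule("udp", 500, "192.168.1.2"), Rule("udp", 4500, "192.168.1.2")))
firewall = Device("firewall", "192.168.1.2", (Rule("udp", 500, SERVER), Rule("udp", 4500, SERVER)))

if __name__ == "__main__":
    print(audit([router, firewall], SERVER) or "both hops forward UDP 500 and 4500 to the server")
```

An empty result means each device forwards both ports to the next hop and nothing else is published; clients then dial 1.2.3.4.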