We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

How to Configure a PPTP WAN Connection with an External DSL Modem

  • Last updated on

The firewall can dial in using PPTP with an external DSL modem. The xDSL connection can be configured to be in Active or Standby Mode. In Standby Mode, the activation and subsequent monitoring of the link must be triggered externally.

Before You Begin

  • Connect the external xDSL modem supplied by your ISP to a port on the Barracuda NextGen Firewall F-Series.
  • Verify that you have all the necessary configuration information provided to you by your ISP.

Step 1. Create an xDSL Connection

Enable xDSL and create a new xDSL connection.

  1. Go to CONFIGURATION > Configuration Tree > Box > Network.
  2. In the left menu, select xDSL/DHCP/ISDN.
  3. In the Configuration Mode menu, select Switch to Advanced.
  4. Click Lock.
  5. Enable xDSL.
  6. In the xDSL Links table, click + to add an entry.
  7. Enter a name for the link (no special characters) and click OK. The xDSL Links window opens.
  8. Enable Synchronous PPP if supported by your ISP and applicable to your network environment.
  9. Select PPTP as the Connection Type.
  10. Enter the Static Local and Gateway IP address if your ISP does not assign it automatically.

Step 2. Configure Connection Details

Enter the PPTP configuration settings you received from your ISP.

  1. Enter the Modem IP address or the IP address of the PPTP server in the PPTP Connection Details section.
  2. Select the applicable option from the Local IP Selection list:
    • Static – The local address is used. Select, if your provider expects you to use a static IP address.
      • Enter the Local IP address that is used to establish a connection with the specified modem IP address. You must use a local IP address that is already configured. This address is used for local GRE protocol registration with the local firewall.
    • DHCP – Your provider first assigns a local net via DHCP through which the DSL modem is then reached. The path to the modem is selected according to current routing.
    • Dynamic The device selects the address that is provided by routing to reach the PPTP server. This address is then reported to the firewall engine for GRE registration.
      • In the Required DHCP Link field, enter the name of the DHCP section that this xDSL link relies upon for providing a routing path to the specified modem IP address.
  3. Add the IP address of the gateway in the Gateway to Modem IP field if the xDSL modem or PPTP server is not directly attached to the gateway. A gateway route will automatically be created for PPTP. This setting and the Required DHCP Link setting are mutually exclusive.

Step 3. Configure Authentication

  1. In the Authentication section, select the Authentication Method for the connection.
  2. In the User Access ID field, enter the principal account name (PPP username) assigned by your provider.
  3. Enter the User Access Sub-ID if provided. The # and @ symbols are generated automatically.
    The complete user ID is formatted as follows: [user_id]#[access_sub_id]@[provider_name], E.g., 000xxxxxxxxx520069204717#0001@t-online.de
  4. Enter the PPP Access Password assigned by your ISP.
  5. If you want to use your ISPs DNS server, select Use ProviderDNS.
  6. If you are using dynamic DNS, select Use Dynamic DNS.
    1. Click Set. The Dynamic DNS Params window opens.
    2. Select a dynamic DNS Service Type. For information about available DynDNS service types, see http://www.dyndns.com/services/.
    3. Enter the Dyn DNS Name that was registered at dyndns.org.
    4. Enter the User Access ID and Password for accessing the server as defined during registration at dyndns.org.
  7. Click OK.

Step 4. Configure Routing Settings

Configure the routes and routing tables for the xDSL link. For PPP multilink bundles, the routing settings of the primary link are adopted for the bundled link.

  1. In the Routing section, enable Create Default Route. This automatically introduces a default route for the xDSL link.
  2. If you are using dynamic routing protocols, enable Advertise Route. For more information, see OSPF/RIP/BGP.
  3. Enter the Route Metric. If multiple routes to the same destination are available, the NextGen Firewall F-Series selects the route with the lowest route metric. If this route becomes unavailable, the route with the second lowest route metric is automatically selected. Default: 50

Step 5. Configure Connection Monitoring

Configure log settings and define target IP addresses that will be regularly pinged to monitor the availability of the connection. Each target IP address is pinged every 20 seconds (2 ICMP packets each). If there is no response, the link is re-established.

  1. In the Connection Monitoring section, select the Monitoring method:
    • LCP – If pings are not answered, the NextGen Firewall F-Series uses LCP to probe the dial-in daemon directly.
    • ICMP – The Reachable IPs are periodically pinged - if there is no response, the gateways are probed.
    • StrictLCP – No ICMP probing occurs.
  2. Add at least one target IP address to the Reachable IPs table. The target IP addresses must be accessible only via the xDSL connection.
  3. Select the Unreachable Action to be taken if the connection cannot be established. The following options are available:
    • Restart – Restarts the xDSL connection.
    • Increase-Metric – Increases the metric for the xDSL connection, so that a backup connection (which now has the lowest metric) is chosen until the healthcheck targets are reachable again.
  4. Click OK.
  5. Click Send Changes and Activate.

Step 6. Activate Network Changes

You must activate the network changes to bring up the xDSL connection.

  1. Go to CONTROL > Box.
  2. In the left menu, expand the Network section and click Activate new network configuration.
  3. Select Failsafe.

Your xDSL connection is now active and the IP address assigned by your ISP is visible on the CONTROL > Network page. All status icons next to the ppp1 interface are green, indicating an active connection. If the xDSL connection is your primary Internet connection, the default route pointing to the ppp1 interface is also created. If more than one default route is present, the connection with the lowest route metric is used.

Operating an xDSL Link in Standby Mode

If required, e.g., for maintenance purposes, you can enable Standby Mode in the link configuration. In Standby Mode, the activation and subsequent monitoring of the link must be triggered externally. Standby Mode also lets you combine HA setups for HA xDSL connections. In Standby Mode:

  1. The involved routes are set to pending state, and it is not checked whether they are established.
  2. The configuration is completely run through, but the connection is not yet established. 

Connecting is handled from the Command-Line Interface via a server-side script that is used for starting and stopping the connection with corresponding command lines:

  • Start all xDSL connections/etc/phion/bin/openxdsl start &
  • Stop all xDSL connections/etc/phion/bin/openxdsl stop & 
  • Start an explicit xDSL connection/etc/phion/bin/openxdsl start <linkname> & 
  • Stop an explicit xDSL connections/etc/phion/bin/openxdsl stop <linkname> &

<linkname> is the name of the configuration entry in the xDSL Links list: 

xDSL_01.png

Last updated on