Getting a L2TP VPN connection to work through the Comodo firewall

I have been using the Comodo Firewall for over a year now. My experience with it leads me to believe that it is more secure than others on the market, and I really like its flexibility and monitoring capability. When the beta for version 3 came out I enthusiastically installed it. I was surprised and disappointed to find that I was no longer able to use my VPN network connections, so I went back to version 2.4. Since switching back to the old version I have struggled to get back to the configuration that worked before I took the leap of faith with the beta. The PPTP VPN connection worked, but the L2TP VPN connection did not work for me locally.

Let me digress for a bit and describe my local network and the VPN connections I have set up. When I am out of the office and accessing my server via the Internet, I use a VPN connection that uses the DNS name in its configuration. The DNS name points to the static IP address of my hardware firewall. The hardware firewall forwards the VPN traffic to my SBS server, where the software firewall, ISA, completes the VPN connection. When I am at my office my laptop connects to the same network that connects the SBS server to the firewall, and the VPN connection I use to access the server remotely does not work. To get around this minor problem I use a different VPN connection with the local IP address of the server in its configuration. This connection goes directly to the server and does not go through the hardware firewall. Yesterday I figured out why the L2TP connection was not working.

The ports they say you need to open up on your hardware firewall to allow L2TP access from the Internet are UDP 500, 1701, and 4500. When I look at the ISA log I can see the laptop using ports 500 and 1701. When I looked at the Comodo activity log I found that it had blocked outbound access to IP protocol 50. This sounded vaguely familiar. It was hard to find, but Microsoft talks about protocols 50 and 51 in this article, Interoperation with Other Services. Protocol 50 is ESP, the IPsec Encapsulating Security Payload that carries the encrypted L2TP traffic, and protocol 51 is AH; neither is a TCP or UDP port, so opening ports 500, 1701 and 4500 does nothing for them. That also explains why only the local connection failed: across the Internet the client sits behind NAT, so it wraps ESP inside UDP port 4500 (NAT traversal), whereas on the local network there is no NAT and ESP is sent as raw protocol 50. Why was Comodo blocking outbound access? I was befuddled, but I decided to go ahead and add an IP In/Out allow rule for protocol 50 to my local server IP. My L2TP VPN is now working. It is interesting that you will not find protocol 50 showing up in the ISA log, but according to the Comodo log the laptop is talking to the server with this protocol.
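To make the port-versus-protocol distinction concrete, here is an added example (not code from the original post, and not Comodo's rule format) that models a simplified first-match firewall rule set and checks it against the flows an L2TP/IPsec client needs, both with NAT traversal (ESP encapsulated in UDP 4500) and without it (raw IP protocol 50). The `Rule` and `Flow` classes and the sample rule sets are constructed for the example.

```python
"""Check a simplified firewall rule set against L2TP/IPsec requirements.

Added example. The rule model below is a hypothetical simplification and
does not reproduce any real firewall product's rule syntax.
"""
from dataclasses import dataclass
from typing import List, Optional

IP_PROTO_UDP = 17
IP_PROTO_ESP = 50   # IPsec Encapsulating Security Payload (an IP protocol, not a port)
IP_PROTO_AH = 51    # IPsec Authentication Header


@dataclass(frozen=True)
class Flow:
    """Traffic the VPN client must be allowed to send: IP protocol plus, for UDP/TCP, a port."""
    name: str
    proto: int
    port: Optional[int] = None  # None for protocols that carry no port (ESP, AH)


@dataclass(frozen=True)
class Rule:
    """Hypothetical firewall rule (constructed for this example)."""
    action: str                 # "allow" or "block"
    proto: Optional[int]        # None matches any IP protocol
    port: Optional[int] = None  # None matches any port

    def matches(self, flow: Flow) -> bool:
        if self.proto is not None and self.proto != flow.proto:
            return False
        # A port constraint can only match a flow that actually has a port,
        # so "UDP port 50" never matches "IP protocol 50".
        if self.port is not None and flow.port != self.port:
            return False
        return True


def l2tp_ipsec_flows(nat_traversal: bool) -> List[Flow]:
    """Flows an L2TP/IPsec client uses, depending on whether NAT sits in the path."""
    flows = [Flow("IKE", IP_PROTO_UDP, 500)]
    if nat_traversal:
        # Behind NAT the peers negotiate NAT-T and ESP is wrapped in UDP 4500.
        flows.append(Flow("NAT-T", IP_PROTO_UDP, 4500))
    else:
        # No NAT on the path: ESP goes on the wire as raw IP protocol 50.
        flows.append(Flow("ESP", IP_PROTO_ESP))
    # L2TP itself rides inside the IPsec tunnel; it is included because
    # it is on every "ports to open" list and host firewalls may see it
    # after IPsec processing.
    flows.append(Flow("L2TP", IP_PROTO_UDP, 1701))
    return flows


def first_match(rules: List[Rule], flow: Flow) -> str:
    """First-match evaluation with an implicit default deny."""
    for rule in rules:
        if rule.matches(flow):
            return rule.action
    return "block"


def missing_flows(rules: List[Rule], nat_traversal: bool) -> List[str]:
    """Names of required flows the rule set does not allow."""
    return [f.name for f in l2tp_ipsec_flows(nat_traversal)
            if first_match(rules, f) != "allow"]


# Constructed rule sets: the usual "open these three ports" advice,
# the same plus an allow for IP protocol 50, and a mistaken "port 50" rule.
PORTS_ONLY = [Rule("allow", IP_PROTO_UDP, 500),
              Rule("allow", IP_PROTO_UDP, 1701),
              Rule("allow", IP_PROTO_UDP, 4500)]
WITH_ESP = PORTS_ONLY + [Rule("allow", IP_PROTO_ESP)]
WRONG_PORT_50 = PORTS_ONLY + [Rule("allow", IP_PROTO_UDP, 50)]

if __name__ == "__main__":
    for label, rules in (("ports only", PORTS_ONLY),
                         ("ports + ESP", WITH_ESP),
                         ("ports + UDP 50", WRONG_PORT_50)):
        for nat in (True, False):
            print(f"{label:15} nat_traversal={nat!s:5} missing={missing_flows(rules, nat)}")
```

Running it shows that the three-port rule set is sufficient when NAT-T is in play (the remote case) but leaves ESP blocked on a NAT-free local network, and that allowing UDP port 50 does not help; only a rule on IP protocol 50 does.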
