We used to use Routing and Remote Access (RRAS) under Windows 2008 to provide an Active Directory friendly route into the network (we have a lot of remote workers) – And while this is not a fancy solution it did just work. Well, that was until our new WatchGuard Firewall got in the way!
The WatchGuard XTM series is fantastic value for money offering various routing and firewall options for any small-medium network. the XTM 505 is a fantastic piece of kit which during the testing phase has proven to be significantly better that our older x2500 model, which was showing its age.
I’m still yet to figure out exactly what the problem with RRAS and out firewall was, something to do with protocol routing with GRE and PPTP when using 1:1 NAT, however I found so many articles on this and still after following them all to the letter, nothing worked. I couldn’t get in (neither could anyone else) – So I trusted my instinct and this article: http://blog.bruteforcetech.com/archives/470 – Hats off to the guy who wrote it, magnificent overview of how to get it working. Only took 30 minutes to implement the article and then another 15 or so to fiddle around with placing rules on the firewall to allow protocols etc.
What I like about the solution is on my WatchGuard System Manager dashboard I can see who is connected (via RADIUS) and how many bytes they’ve used as well as the IP address they are connected on. This is the first full day of the new solution and I have 6 people from around the UK connected without any issues. FInally I have replaced RRAS with something less glitchy and perhaps easier to manage.
I reused my VPN server as the RADIUS server, but may be able to free it up by putting RADIUS on one of the domain controllers, which would hopefully speed the LDAP lookups up.