Alright — we've put the other work off for a while and decided to first get a standard Microsoft VPN (PPTP: TCP/1723 plus GRE) working. Here is the relevant Junos SRX configuration for passing it through the firewall to the internal server — destination NAT, the untrust→trust security policy, the address-book entry and the custom application:
destination {
/* Destination-NAT pool for the PPTP server: traffic hitting the NAT rule is
   redirected to INTERNALSERVER with the destination port rewritten to 1723.
   NOTE(review): a pool-level port rewrite only has meaning for TCP/UDP; GRE
   (IP protocol 47, which PPTP also needs) carries no port, so confirm on the
   device that GRE packets matching this pool are still translated to
   INTERNALSERVER. */
pool MSVPN {
address INTERNALSERVER/32 port 1723;
}
.....
rule-set External-Dst-NAT {
from zone untrust;
/* Destination NAT for the PPTP server.
   The match is address-only (no destination-port / protocol), so EVERY packet
   from zone untrust addressed to EXTERNAL/32 -- any protocol, any port -- is
   translated to pool MSVPN (INTERNALSERVER, port 1723). What actually reaches
   the server is therefore decided entirely by the untrust->trust security
   policies: MSVPN-Permit allows only GRE and TCP/1723, but any other
   untrust->trust policy whose destination covers INTERNALSERVER would apply
   as well (check with `show security policies from-zone untrust to-zone trust`).
   If EXTERNAL is meant to serve only PPTP, adding `destination-port 1723` to
   the match would make the NAT rule itself explicit -- but GRE has no port,
   so GRE translation would then need another path (e.g. the PPTP ALG);
   verify on the device before tightening. */
rule MSVPN-Nat {
match {
destination-address EXTERNAL/32;
}
then {
destination-nat pool MSVPN;
}
}
---
policies {
from-zone untrust to-zone trust {
/* Permits inbound PPTP (application MSVPN: GRE + TCP/1723) from any untrust
   source to the PPTP server. SRX applies destination NAT before the policy
   lookup, which is why this policy matches the translated internal address
   (trust address-book entry MSVPN) rather than EXTERNAL.
   source-address any is expected for a public VPN endpoint; if the client
   population is known (e.g. fixed branch addresses), restrict it here.
   NOTE(review): no logging is configured. For an Internet-facing VPN entry
   point consider
       then { permit; log { session-init; session-close; } }
   so connection attempts are visible to syslog/SIEM. */
policy MSVPN-Permit {
match {
source-address any;
destination-address MSVPN;
application MSVPN;
}
then {
permit;
}
}
...
zones {
/* Address-book entry for the PPTP server, referenced as destination-address
   by policy MSVPN-Permit. Same host as the destination-NAT pool -- keep the
   two in sync if the server is ever re-addressed. The name MSVPN is also used
   for the NAT pool, the policy and the application; Junos keeps those
   namespaces separate, but distinct names would make logs easier to read. */
security-zone trust {
address MSVPN INTERNALSERVER/32;
}
...
/* Custom application describing Microsoft PPTP:
   term 1 -- GRE (IP protocol 47), the carrier for the tunnelled PPP payload;
   term 2 -- TCP destination port 1723, the PPTP control channel.
   Both terms are needed for PPTP to work end to end; permitting only
   TCP/1723 is a common mistake.
   NOTE(review): PPTP's MS-CHAPv2 authentication and MPPE (RC4) encryption are
   considered broken; treat this as legacy access and plan a move to
   L2TP/IPsec, SSTP or IKEv2 where possible. */
applications {
application MSVPN {
term 1 {
protocol gre;
}
term 2 {
protocol tcp;
destination-port 1723;
}
}
}