Good afternoon,
I'm attempting to set up an appropriate ACL for allowing PPTP connections
to a MS NT PPTP/VPN server.
Going through the documentation, I find that I need to set up an ACL for
the control channel on TCP/1723. Simple enough:
access-list 102 permit tcp any host x.x.x.x eq 1723
Then, it goes on to say that data packets are transmitted over
IP using GRE (protocol ID 47) with a GRE protocol field of 0x880B.
I'm not sure how to set up an ACL to permit the data traffic. Sure enough,
my PPTP users are hitting our VPN server but failing afterwards.
Cisco documentation suggests that an ACL would look something like:
access-list 102 permit gre any host x.x.x.x
However, this doesn't seem to work. Permitting all IP to the PPTP server
does get everything working correctly, but that's not a solution I want
to use.
Any suggestions? Any input would be appreciated.
cheers,
jeff
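
The two traffic classes named in the message (TCP/1723 control channel, and GRE as IP protocol 47 with GRE protocol field 0x880B), shown as an added example that is not part of the original post: a Python classifier over raw IPv4 packets. The function names, sample packets and addresses are constructed for illustration; the GRE version check (PPTP's enhanced GRE uses version 1, per RFC 2637) goes beyond what the message quotes.

```python
import struct

IPPROTO_TCP = 6
IPPROTO_GRE = 47          # an IP protocol number, not a TCP/UDP port
PPTP_CONTROL_PORT = 1723
GRE_PROTO_PPP = 0x880B    # GRE protocol field value quoted in the message


def classify(packet: bytes) -> str:
    """Return 'pptp-control', 'pptp-data' or 'other' for a raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "other"
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl + 4:
        return "other"
    proto = packet[9]                     # IPv4 "protocol" field
    if proto == IPPROTO_TCP:
        dst_port = struct.unpack_from("!H", packet, ihl + 2)[0]
        return "pptp-control" if dst_port == PPTP_CONTROL_PORT else "other"
    if proto == IPPROTO_GRE:
        flags_ver, gre_proto = struct.unpack_from("!HH", packet, ihl)
        version = flags_ver & 0x0007      # low three bits of the flags word
        # Assumption from RFC 2637: PPTP data uses enhanced GRE, version 1
        if version == 1 and gre_proto == GRE_PROTO_PPP:
            return "pptp-data"
    return "other"


def ipv4(proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 header (checksum left at 0) for constructed samples."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, bytes([192, 0, 2, 10]), bytes([192, 0, 2, 1]))
    return header + payload


def tcp_syn(dst_port: int) -> bytes:
    """Constructed 20-byte TCP header with only SYN set."""
    return struct.pack("!HHIIHHHH", 40000, dst_port, 0, 0, 0x5002, 8192, 0, 0)


# Constructed sample packets (documentation addresses, not captured traffic)
SAMPLES = {
    "tcp/1723 SYN": ipv4(IPPROTO_TCP, tcp_syn(PPTP_CONTROL_PORT)),
    "gre v1 ppp": ipv4(IPPROTO_GRE, struct.pack("!HHHHI", 0x3001, GRE_PROTO_PPP, 0, 1, 0)),
    "tcp/47": ipv4(IPPROTO_TCP, tcp_syn(47)),   # port 47 is not protocol 47
    "gre v0 ip": ipv4(IPPROTO_GRE, struct.pack("!HH", 0x0000, 0x0800)),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:14} -> {classify(pkt)}")
```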