Thanks,
47 and 1723 are passing through the firewall without a problem, I could see it
in the log..... Microsoft has a document in TechNet (Q162847) that states that
if you have error 650 the following should take care of the problem (NET STOP
RASPPTPF); not in my case... It did not help at all.....
Again folks thanks.....
-----Original Message-----
From: Jean Morissette [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 22, 1999 7:44 AM
To: Ben Nagy; 'Blanco, Juan'; '[EMAIL PROTECTED]'
Cc: [EMAIL PROTECTED]
Subject: RE: VPN via 2501 - Firewall-1 - NT
I installed a w/s between the fw and the upstream router so Juan might want
to do that.
I try to connect to the PPTP/RRAS server and can see that it is blocked at
the fw (logging) with this (47) oh wow! it is GRE.
My problem is that I am sure the fw is set up to let protocol id 47 through.
Juan try this and see if fw-1 stops proto id 47, I am sure that fw-1 has
good logging capabilities.
I should be able to fix this little problem today and will keep you posted!
or if you fix it before I do, well drop me a line!
Jean.
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Ben Nagy
> Sent: Sunday, November 21, 1999 10:48 PM
> To: 'Blanco, Juan'; '[EMAIL PROTECTED]'
> Cc: [EMAIL PROTECTED]
> Subject: RE: VPN via 2501 - Firewall-1 - NT
>
>
> I presume you mean TCP 1723...
>
> So, error 650 is remote server not responding - typical of cases where GRE
> isn't getting end to end.
>
> Check it with some sort of sniffer, if you can. Check to see if you're
> getting any GRE behind the router, and then check behind the firewall.
>
> Another thing that might be tripping you up - if you're using a Cisco box
> with NAT, you MUST either use real IP addresses or use a STATIC NAT mapping
> for the firewall, otherwise GRE stuff won't get passed through properly.
> Dynamic NAT is based on TCP sessions - it doesn't grok GRE.
>
> There may also be problems along these lines on the FW-1 box - I dunno, I'm
> not a FW1 guy.
>
> Cheers,
>
> --
> Ben Nagy
> Network Consultant, CPM&S Group of Companies
> PGP Key ID: 0x1A86E304 Mobile: +61 414 411 520
>
> > -----Original Message-----
> > From: Blanco, Juan [mailto:[EMAIL PROTECTED]]
> > Sent: Sunday, 21 November 1999 12:10 AM
> > To: '[EMAIL PROTECTED]'
> > Cc: [EMAIL PROTECTED]
> > Subject: VPN via 2501 - Firewall-1 - NT
> >
> >
> > Folks,
> >
> >
> > I am currently trying to set up a simple dial-up virtual networking
> > configuration. What I'm trying to do is allow remote users to dial
> > into their internet service over a standard dial-up phone line and from
> > there access the office network. Our server computer is running Windows NT
> > 4.0 behind the Firewall-1. The error message that we are receiving when
> > trying to do this with the VPN client is error 650:
> > I have Protocol 47 open at the firewall, and TCP port 172. I spoke to
> > checkpoint and they have no clue.
> >
> > Any help will be appreciated.....
> >
> >
> >
> > Thanks,
> >
> >
> > Tony
> >
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
> >
>
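The sniffer check suggested in the quoted reply above (look for GRE behind the router, then behind the firewall), sketched as an added example that is not part of the original thread. It classifies raw IPv4 packets as PPTP control (TCP 1723) or PPTP data (IP protocol 47, enhanced GRE version 1 with protocol type 0x880B per RFC 2637) and reports the first capture point where control traffic arrives but GRE does not. The function names, capture-point names and sample packets are constructed for illustration.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

PPTP_TCP_PORT = 1723     # PPTP control channel
IPPROTO_TCP, IPPROTO_GRE = 6, 47
GRE_PROTO_PPP = 0x880B   # protocol type in PPTP's enhanced GRE (RFC 2637)

def classify(pkt: bytes) -> str:
    """Label a raw IPv4 packet: 'control', 'gre-pptp', 'gre-other' or 'other'."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "other"
    ihl = (pkt[0] & 0x0F) * 4
    proto, body = pkt[9], pkt[ihl:]
    if proto == IPPROTO_TCP and len(body) >= 4:
        sport, dport = struct.unpack("!HH", body[:4])
        return "control" if PPTP_TCP_PORT in (sport, dport) else "other"
    if proto == IPPROTO_GRE and len(body) >= 4:
        flags_ver, ptype = struct.unpack("!HH", body[:4])
        is_pptp = (flags_ver & 0x7) == 1 and ptype == GRE_PROTO_PPP
        return "gre-pptp" if is_pptp else "gre-other"
    return "other"

def first_gre_drop(captures):
    """captures maps capture point -> packets, ordered from the client side in.
    Returns the first point showing control traffic but no PPTP GRE, else None."""
    for point, pkts in captures.items():
        seen = Counter(classify(p) for p in pkts)
        if seen["control"] and not seen["gre-pptp"]:
            return point
    return None

def ipv4(proto, src, dst, payload):  # minimal IPv4 packet, checksum 0 (parse only)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       IPv4Address(src).packed, IPv4Address(dst).packed) + payload

# Constructed sample traffic (documentation addresses), one list per capture point.
CLIENT, SERVER = "198.51.100.7", "192.0.2.10"
tcp_syn = ipv4(6, CLIENT, SERVER,
               struct.pack("!HHIIBBHHH", 40000, 1723, 1, 0, 0x50, 0x02, 8192, 0, 0))
gre_ppp = ipv4(47, CLIENT, SERVER,  # K+S flags, version 1, then key, seq, PPP LCP
               struct.pack("!HHHHI", 0x3001, 0x880B, 4, 0, 1) + b"\xff\x03\xc0\x21")
SAMPLE = {
    "outside-router": [tcp_syn, gre_ppp],
    "router-to-firewall": [tcp_syn, gre_ppp],
    "behind-firewall": [tcp_syn],   # GRE never arrives here
}

if __name__ == "__main__":
    print("PPTP GRE first missing at:", first_gre_drop(SAMPLE))
```

A capture point that shows neither control nor GRE traffic is skipped, so a result of None on real captures only means no point had TCP 1723 without matching GRE.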