I need your comments and suggestions on the following and also how PPTP is deployed in a network.


To get the PPTP protocol through a firewall we need to enable the following: TCP 1723 and IP protocol 47 (GRE). Fine till now.

Now, the question is how to allow PPTP with static NAT.
What static NAT means is the following:

   Internal----------PPTP--------Firewall-------pptp client
   Network           server

Say the PPTP server is hidden behind the firewall, i.e. say the PPTP server as well as the Internal network has a private IP address like, say, 10.10.10.x. The firewall would need to statically translate this IP address to one that is routable in the Internet, and a client like the one shown in the diagram can dial into the PPTP server.

Problem: I am not able to get the static NAT through the firewall. Without the static NAT I am able to get things to work fine.
Has anyone encountered this scenario before? Please let me know your comments on this. (The Checkpoint firewall documents indicate that static NAT and PPTP are not supported.)

Since the intention is to allow the pptp-client to be able to connect to hosts located in the Internal network, I am allotting the tunnelled IP address that is allotted to the client in the same subnet as the Internal network (i.e. 10.10.10.x).
Does anyone know of a firewall that would support PPTP with static NAT?


The second scenario is to add a third arm (NIC) to the firewall and move the PPTP server to this third zone (DMZ). From here I want to know how the architecture should be, i.e. how to allow the client to talk to hosts in the Internal LAN? What should be the IP address structure and what kind of NAT etc. would be needed?

Internal------------FIREWALL---------dial-in-client
 Network                |
                        |
                   PPTP server

In this scenario the PPTP server IP address is not a hidden one and the dial-in client is allowed through the firewall. But from here on, the tunnelled IP addresses are bared, i.e. the 10.10.10.x packets are bared. But how to route these packets into the Internal network through the firewall? This is the part that is tricky... Please do send me your comments, and how would this be achieved?
Also I guess the report and log generation would be more accurate, since the internal tunnelled packets can be traced when they traverse the firewall.

thanks all
tally
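
As an added illustration, not part of the original post: a minimal Python classifier for the two flows named above, the TCP 1723 control channel and the IP protocol 47 (GRE) data channel. The enhanced GRE header layout follows RFC 2637; the addresses and sample packets are constructed for the example.

```python
import socket
import struct

PPTP_CONTROL_PORT = 1723         # TCP control channel named in the post
IPPROTO_TCP, IPPROTO_GRE = 6, 47
PPTP_GRE_PROTO = 0x880B          # enhanced GRE protocol type (RFC 2637)

def classify(packet: bytes):
    """Classify a raw IPv4 packet as PPTP control, PPTP GRE data, or other."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return ("other", None)
    ihl = (packet[0] & 0x0F) * 4
    proto, payload = packet[9], packet[ihl:]
    if proto == IPPROTO_TCP and len(payload) >= 4:
        sport, dport = struct.unpack("!HH", payload[:4])
        if PPTP_CONTROL_PORT in (sport, dport):
            return ("pptp-control", {"sport": sport, "dport": dport})
    elif proto == IPPROTO_GRE and len(payload) >= 8:
        # Enhanced GRE: flags/version, protocol type, payload length, Call ID.
        flags, ptype, plen, call_id = struct.unpack("!HHHH", payload[:8])
        if (flags & 0x0007) == 1 and (flags & 0x2000) and ptype == PPTP_GRE_PROTO:
            return ("pptp-gre", {"call_id": call_id, "payload_len": plen})
    return ("other", None)

def ipv4(proto, src, dst, payload):
    """Build a constructed IPv4 packet (header checksum left at 0)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload

# Constructed samples; 192.0.2.10 and 198.51.100.1 are documentation addresses.
CLIENT, SERVER = "192.0.2.10", "198.51.100.1"
CONTROL = ipv4(6, CLIENT, SERVER,
               struct.pack("!HHIIBBHHH", 40000, 1723, 0, 0, 0x50, 0x02, 8192, 0, 0))
GRE = ipv4(47, CLIENT, SERVER,
           struct.pack("!HHHHI", 0x3001, 0x880B, 4, 7, 1) + b"\x00" * 4)
DNS = ipv4(17, CLIENT, SERVER, struct.pack("!HHHH", 40001, 53, 8, 0))

if __name__ == "__main__":
    for name, pkt in (("control", CONTROL), ("gre", GRE), ("dns", DNS)):
        print(name, classify(pkt))
```

The GRE branch has no port fields to match on; the only per-session identifier in that header is the 16-bit Call ID.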
