Thank you very much for your quick response Ashley.  I am happy to say that
a few moments before you replied, I found out my problem.  I had the ports
set up correctly, but I keep forgetting the Pipeline has to be reset before
the new rules take effect.  I don't know why this is.  On the Pipeline 75 we
used to use for ISDN, all you had to do was drop the connection and then
re-establish it.  With the 130 I have to completely reset the router to get
the rules to take effect.

I'm also having other problems with the router, but that is for another
forum.

Thank you again for your help.

Chris Patterson
Network Administrator
Axiom Systems
Http://Www.AxiomSys.Com



The Truth Is Out There.  Go Find It.  Http://Www.2600.Com



-----Original Message-----
From: Ashley Burns [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 26, 2000 1:10 PM
To: [EMAIL PROTECTED]
Subject: Re: PPTP Over a Pipeline 130


Hello. Go to SecureConnect Manager and make a rule for the incoming 
protocol 47 packets. Then make a rule for the outgoing 
protocol 47 packets. Please note that "47" is an IP protocol (GRE)
on the same level as "TCP" is an IP protocol. "47" is the protocol
number in the IP header; it is not translated to "GRE" by the 
SecureConnect logger so it appears simply as a number.

1. Pick "Custom IP Protocol" from the categories.
2. Click "incoming" and Enable. 
3. Put 47 next to "Port/Protocol" and choose "Raw IP Packet".
4. Put xx.xx.xx.x in local servers space, and "*" in the remote
   clients space. 

Click "outgoing" and do #3 and #4 again. (Put xx.xx.xx.x in "local clients"--
the labels are misleading here.)

You can also make a rule for incoming tcp 1723. Click "Another" under the 
categories list, while custom IP protocol is still highlighted (even if you
have changed the name). Then do incoming, Enable, 1723, and tcp session. 

The numbers in the log such as 62 and 94 are packet lengths.

--Ashley Burns





[EMAIL PROTECTED] wrote:
> 
> I have been trying to get PPTP to work correctly over a Pipeline 130, using
> the built-in firewall.  I have a syslog daemon running on a Win2000 machine
> to monitor the router at the moment.  When I try to make a PPTP connection
> from the outside world, I get the following response:
> 
> 05-26-2000      10:38:46        Local7.Info     Gatekeeper      ASCEND: wan1 tcp xx.xx.xx.x;1723 <- yyy.yyy.yyy.yy;1026 62 syn<010>
> 05-26-2000      10:38:48        Local7.Info     Gatekeeper      ASCEND: wan1 47 xx.xx.xx.x <- yyy.yyy.yyy.yy 94 !pass (reject)<010>
> 05-26-2000      10:38:50        Local7.Info     Gatekeeper      ASCEND: wan1 47 xx.xx.xx.x <- yyy.yyy.yyy.yy 94 !pass (reject)<010>
> 05-26-2000      10:38:54        Local7.Info     Gatekeeper      ASCEND: wan1 47 xx.xx.xx.x <- yyy.yyy.yyy.yy 94 !pass (reject)<010>
> .
> .
> .
> 05-26-2000      10:39:22        Local7.Info     Gatekeeper      ASCEND: wan1 47 xx.xx.xx.x <- yyy.yyy.yyy.yy 66 !pass (reject)<010>
> 
> Gatekeeper   is the name of the router.
> xx.xx.xx.x   is my PPTP Server behind the firewall.
> yyy.yyy.yyy.yy  is my machine at home.
> 
> The first line basically tells me that the initial connection to port 1723
> (PPTP) is established.  Then I get a number of lines that, from what I can
> tell, say that a connection on port 47 fails.  I know that 47 is the Generic
> Routing Encapsulation (GRE), and I have set up a rule to allow it to be
> passed.  But I can't tell what kind of packet it is trying to pass.  The
> first line clearly states that the 1723 connection is a TCP Packet.  But the
> second line just says 47.  Nothing more.
> 
> I am also curious as to what the numbers towards the end of the line refer
> to (62, 94, and 66).  I am assuming it is the length of something.  Just a
> guess.
> 
> Chris Patterson
> Network Administrator
> Axiom Systems
> Http://Www.AxiomSys.Com
> 
> The Truth Is Out There.  Go Find It.  Http://Www.2600.Com
> 
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
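
The log reading discussed in this thread (a TCP 1723 control connection logged, then IP protocol 47 packets rejected, with the trailing number being the packet length), as an added example that is not part of the original messages. The field layout is inferred from the quoted lines rather than from vendor documentation, the function names are hypothetical, and the sample lines are constructed with documentation addresses.

```python
import re
from collections import defaultdict

# Field layout inferred from the lines quoted in this thread (an assumption, not
# a vendor specification): interface, protocol, local[;port], direction,
# remote[;port], packet length, then TCP flags or the filter verdict.
# Only "<-" appears in the thread; "->" for outbound traffic is assumed.
LINE = re.compile(
    r"ASCEND:\s+(?P<iface>\S+)\s+(?P<proto>\S+)\s+"
    r"(?P<local>[^\s;]+)(?:;(?P<lport>\d+))?\s+(?P<dir><-|->)\s+"
    r"(?P<remote>[^\s;]+)(?:;(?P<rport>\d+))?\s+"
    r"(?P<length>\d+)\s*(?P<rest>.*?)(?:<\d+>)?\s*$"
)

def parse(line):
    """Parse one firewall log line into a dict, or return None if it does not match."""
    m = LINE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["length"] = int(rec["length"])        # the 62 / 94 / 66 field: packet length
    rec["rejected"] = "!pass" in rec["rest"]  # filter verdict as it appears in the log
    return rec

def blocked_pptp_tunnels(lines):
    """Map (local, remote) -> rejected protocol 47 count, for peers whose
    TCP 1723 control connection was logged but whose GRE packets were dropped."""
    control, gre_rejects = set(), defaultdict(int)
    for rec in filter(None, map(parse, lines)):
        pair = (rec["local"], rec["remote"])
        if rec["proto"] == "tcp" and "1723" in (rec["lport"], rec["rport"]):
            control.add(pair)
        elif rec["proto"] == "47" and rec["rejected"]:
            gre_rejects[pair] += 1
    return {p: n for p, n in gre_rejects.items() if p in control}

# Constructed sample lines (documentation addresses) in the thread's layout.
PREFIX = "05-26-2000  10:38:46  Local7.Info  Gatekeeper  ASCEND: wan1 "
SAMPLE = [
    PREFIX + "tcp 192.0.2.10;1723 <- 198.51.100.7;1026 62 syn<010>",
    PREFIX + "47 192.0.2.10 <- 198.51.100.7 94 !pass (reject)<010>",
    PREFIX + "47 192.0.2.10 <- 198.51.100.7 94 !pass (reject)<010>",
    PREFIX + "47 192.0.2.10 <- 198.51.100.7 66 !pass (reject)<010>",
    PREFIX + "47 192.0.2.10 <- 203.0.113.9 94 !pass (reject)<010>",  # GRE, no 1723 session
]

if __name__ == "__main__":
    for (local, remote), count in blocked_pptp_tunnels(SAMPLE).items():
        print(f"{remote} -> {local}: TCP 1723 seen, {count} protocol 47 packets rejected")
```

A peer that shows up in the result has a working control channel but no data channel, which is the symptom described above when the protocol 47 rule is missing or has not yet taken effect.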