Just a quick note:
Unless the new VPN concentrators do something bizarre, that doesn't sound
right. I didn't know the concentrators supported PPTP (but then, I didn't
look).
You probably want to do either PPTP _or_ IPSec. For PPTP:
TCP 1723, IP Protocol 47 (GRE)
For IPSec:
_UDP_ (not TCP) 500, IP Protocols 50, 51 (AH, ESP)
The new concentrators also support "NAT transparent IPSec" which uses a user
(that means you) configurable UDP port. If you need that, then use a high
port.
Cheers,
--
Ben Nagy
Network Security Specialist
Marconi Services Australia Pty Ltd
Mb: +61 414 411 520 PGP Key ID: 0x1A86E304
> -----Original Message-----
> From: Jesus Gonzalez [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, 13 March 2001 7:40
> To: [EMAIL PROTECTED]
> Subject: IPSEC and GRE
>
>
> Hi all,
> I have a question that I'm a bit embarrassed to ask.
> We have users in our office that need access to a remote network that has a
> Compatible Systems (now Cisco) VPN switch. I was told that in order to allow
> this through our firewall, I had to open up ports TCP 500 and GRE47. My
> question concerns GRE. Is GRE a protocol like TCP/UDP/ICMP? Or is it a subset
> of TCP?
> In trying to configure my firewall (Secure Computing) I only see options for
> TCP and UDP ports when trying to map a port.
> Also, I believe I read in one of Cisco's tech bulletins that your Cisco router
> must be running a certain version of the IOS in order for this to work. WHY???
> Can someone please explain to me, in simple terms <grin> what exactly GRE is?
>
> Thanks in advance for your help!
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
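
Added example, not part of either message: the thread's port and protocol list applied to constructed IPv4 headers, showing that GRE is matched on the IP header's Protocol field (it has no port numbers) and that TCP 500 or a port numbered 47 matches nothing. The function names, the rule table and the sample addresses are assumptions made for this illustration.

```python
import struct

# IANA IP protocol numbers: the 8-bit Protocol field of the IPv4 header.
TCP, UDP, GRE, ESP, AH = 6, 17, 47, 50, 51

# Traffic each VPN type in the thread needs: (ip_protocol, dst_port).
# dst_port is None where the protocol has no port numbers at all.
RULES = {
    "PPTP": [(TCP, 1723), (GRE, None)],
    "IPSec": [(UDP, 500), (ESP, None), (AH, None)],
}

def build_packet(proto, dst_port=None):
    """Constructed sample: bare IPv4 header plus 4 payload bytes (checksum left 0)."""
    if dst_port is None:
        payload = b"\x00" * 4
    else:
        payload = struct.pack("!HH", 40000, dst_port)  # src port, dst port
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    return header + payload

def classify(packet):
    """Return "PPTP" or "IPSec" if the packet matches a rule above, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4  # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto = packet[9]  # Protocol field: what a firewall calls "IP protocol N"
    dst_port = None
    if proto in (TCP, UDP):  # only these carry ports, right after the IP header
        if len(packet) < ihl + 4:
            raise ValueError("truncated TCP/UDP header")
        dst_port = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    for vpn, rules in RULES.items():
        for rule_proto, rule_port in rules:
            if proto == rule_proto and rule_port in (None, dst_port):
                return vpn
    return None

if __name__ == "__main__":
    for label, pkt in [("TCP 1723", build_packet(TCP, 1723)), ("GRE", build_packet(GRE)),
                       ("UDP 500", build_packet(UDP, 500)), ("TCP 500", build_packet(TCP, 500)),
                       ("UDP port 47", build_packet(UDP, 47))]:
        print(f"{label:12} -> {classify(pkt)}")
```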