I have PPTP running great through firewall 1.
My NT server is NAT'd by the firewall. I just let the NAT
default rules apply. I did have to allow the external and
internal interfaces of the PPTP servers. PPTP
uses the external interface in the header and FW-1 will drop
the packets unless you allow that.
Just set up your services, which look correct. Make sure you
have the ARP and NAT set up like you would any other service.
I also created a rule for each client that connects to only
allow PPTP from specific hosts. (They're all static IP
DSL users.)
I even successfully got PPTP to work from a NAT'd address behind
a Linksys DSL router. It works really well!
-byron
-----Original Message-----
From: Cosgriff, Joe [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 06, 2000 1:56 PM
To: '[EMAIL PROTECTED]'
Subject: [FW1] PPTP problem
I am trying to set up PPTP. I am putting down what I did (will do); can
someone let me know if I am correct? Thanks.
1) Create a service PPTP-data; ip_p=47,[22:2,b]=0x880B
2) Create objects; PPTP Client (10net) and PPTP server (other side IP)
3) FW rule
        src                                 dst                                  service               action
(rule)  PPTP client IP address (10.*.*.*)   PPTP server (valid destination IP)   TCP 1723, PPTP-Data   accept
(rule)  PPTP server                         PPTP client                          same                  same
4) router
NAT the 10net device to our external IP going out and our external to
10net inside.
5) Should not need to NAT it on the FW-1, correct?
Any help would be greatly appreciated. Thanks.
Joseph L. Cosgriff
[EMAIL PROTECTED]
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
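
Added example (not part of the original thread and not Check Point code): a Python classifier for the two services in the rule above, TCP 1723 for PPTP control and IP protocol 47 with GRE protocol type 0x880B for PPTP data. It assumes the offset in [22:2,b] is counted from the start of the IP header, so the literal match only lands on the GRE protocol type when the IP header has no options; all packets and helper names are constructed for illustration.

```python
import struct

GRE_PROTO = 47          # ip_p=47
PPTP_GRE_TYPE = 0x880B  # [22:2,b]=0x880B
PPTP_CTRL_PORT = 1723   # TCP 1723

def matches_fixed_offset(pkt: bytes) -> bool:
    """Literal reading of the service: protocol at byte 9, 16-bit big-endian value at byte 22."""
    return (len(pkt) >= 24 and pkt[9] == GRE_PROTO
            and struct.unpack_from("!H", pkt, 22)[0] == PPTP_GRE_TYPE)

def classify(pkt: bytes) -> str:
    """Header-length-aware check: 'pptp-control', 'pptp-data' or 'other'."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "other"
    ihl = (pkt[0] & 0x0F) * 4                     # real IP header length in bytes
    if ihl < 20 or len(pkt) < ihl + 4:
        return "other"
    if struct.unpack_from("!H", pkt, 6)[0] & 0x1FFF:
        return "other"                            # non-first fragment: no L4 header
    if pkt[9] == GRE_PROTO:
        ptype = struct.unpack_from("!H", pkt, ihl + 2)[0]
        return "pptp-data" if ptype == PPTP_GRE_TYPE else "other"
    if pkt[9] == 6:                               # TCP
        sport, dport = struct.unpack_from("!HH", pkt, ihl)
        return "pptp-control" if PPTP_CTRL_PORT in (sport, dport) else "other"
    return "other"

def ipv4(proto: int, payload: bytes, options: bytes = b"") -> bytes:
    """Constructed IPv4 packet (checksum left 0; 10.0.0.5 -> 192.0.2.10 are sample addresses)."""
    ihl = 5 + len(options) // 4
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + len(payload),
                      0, 0, 64, proto, 0, bytes([10, 0, 0, 5]), bytes([192, 0, 2, 10]))
    return hdr + options + payload

# Constructed sample packets
GRE_PPTP = struct.pack("!HHHHI", 0x3001, PPTP_GRE_TYPE, 0, 1, 1)  # enhanced GRE, version 1
SAMPLES = {
    "data": ipv4(GRE_PROTO, GRE_PPTP),
    "data_with_ip_options": ipv4(GRE_PROTO, GRE_PPTP, options=b"\x01\x01\x01\x00"),
    "control": ipv4(6, struct.pack("!HH", 1025, PPTP_CTRL_PORT) + b"\x00" * 16),
    "gre_not_pptp": ipv4(GRE_PROTO, struct.pack("!HH", 0, 0x0800) + b"\x00" * 4),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:22} classify={classify(pkt):13} fixed_offset={matches_fixed_offset(pkt)}")
```

A GRE packet whose IP header carries options is still PPTP data, but the fixed-offset match does not see 0x880B at byte 22, so a rule built on it would not accept that packet.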