RE: [FW1] FW-1 and PPTP

Tue, 09 Jan 2001 14:29:21 -0800 


http://www.phoneboy.com/fw1/faq/0321.html


PPTP
Q:
How can I make FireWall-1 work with PPTP? 
A:
You must add a rule permitting access between your PPTP clients and server.
PPTP uses two services: 
TCP port 1723 for a control session 
A variation of the GRE protocol (IP Protocol 47) for data. 
To create this last service, create the service as a service of type Other.
For the name, use PPTP-Data. In the match field, put: ip_p = 47, [22:2,b] =
0x880B 
(Note: ip_p = 47 identifies the IP protocol type as GRE. [22:2,b] = 0x880B
identifies the payload protocol as GRE.) 

The rules look like this: 
  Source Destination Service Action 
PPTP-Clients   PPTP-Server   PPTP-Control PPTP-Data   Accept 
PPTP-Server    PPTP-Clients   PPTP-Control PPTP-Data   Accept 


PPTP will work with Static NAT, but not HIDE NAT. 


> -----Original Message-----
> From: Johnny Trujillo [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, January 09, 2001 1:03 PM
> To: [EMAIL PROTECTED]
> Subject: [FW1] FW-1 and PPTP
> 
> 
> 
> Has anyone there have experience of running MS VPN
> PPTP through FW-1, we have the need to save and print
> to a remote site in a secure way using Terminal Server
> from our site servers to the user's site workstations
> behind a CKP FW-1. They are using NAT and their FW
> blocks their packets to come to us. without the VPN
> they can ping and traceroute to us, with PPTP enable,
> their FW blacks all packets to us. Any solutions,
> sugestions?
> 
> Thank you in advance
> 
> __________________________________________________
> Do You Yahoo!?
> Yahoo! Photos - Share your holiday photos online!
> http://photos.yahoo.com/
> 
> 
> ==============================================================
> ==================
>      To unsubscribe from this mailing list, please see the 
> instructions at
>                http://www.checkpoint.com/services/mailing.html
> ==============================================================
> ==================
> 


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to