[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] PPTP problem
I have PPTP running great through firewall-1. My NT server is NAT'd by the firewall. I just let the nat default rules apply. I did have to allow the external and internal interface of the PPTP servers to be allowed. PPTP uses the external interface in the header and fw1 will drop the packets unless you allow that. Just setup your services, which look correct. Make sure you have the arp and nat setup like you would any other service. I also created a rule for each client that connects to only allow pptp from specific hosts. (They're all static ip dsl users.) I even successfully PPTP to work from a NAT'd address behind a linksys dsl router. It works really well! -byron -----Original Message----- From: Cosgriff, Joe [mailto:[email protected]] Sent: Friday, October 06, 2000 1:56 PM To: '[email protected]' Subject: [FW1] PPTP problem I am trying to set up PPTP. I am putting down what I did (will do), can some one let me know if I am correct. Thanks. 1) Create a service PPTP-data; ip_p=47,[22:2,b]=0x880B 2) Create objects; PPTP Client (10net) and PPTP server (other side IP) 3) FW rule src dst service action (rule) PPTP client IP address (10.*.*.*) PPTP server (valid destination IP) TCP 1723 accept PPTP-Data (rule) PPTP server PPTP client same same same 4) router nat the 10net device to the our external IP going out and our external to 10net inside. 5) Should not need to nat it on the FW-1, correct? Any help would be greatly appreciated. Thanks. Joseph L. Cosgriff [email protected] ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|