
RE: [FW1] FW-1 and PPTP



> PPTP will work with Static NAT, but not HIDE NAT.

This statement from the Phoneboy site is misleading or incorrect.
CP's official position is that PPTP will not work if the PPTP server is NATted.
The above may apply to the PPTP client only. When the PPTP server is statically
NATted, there is a sort of workaround that I posted here earlier on this
thread.

Sincerely,

Sun Yu, CISSP
Lucent Worldwide Services


> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]]On Behalf Of
> Jason Kent
> Sent: Tuesday, January 09, 2001 4:29 PM
> To: 'Johnny Trujillo'; [email protected]
> Subject: RE: [FW1] FW-1 and PPTP
>
>
>
> http://www.phoneboy.com/fw1/faq/0321.html
>
>
> PPTP
> Q: How can I make FireWall-1 work with PPTP?
> A: You must add a rule permitting access between your PPTP
> clients and server.
> PPTP uses two services:
>   TCP port 1723 for a control session
>   A variation of the GRE protocol (IP Protocol 47) for data.
> To create this last service, create the service as a service
> of type Other.
> For the name, use PPTP-Data. In the match field, put:
>   ip_p = 47, [22:2,b] = 0x880B
> (Note: ip_p = 47 identifies the IP protocol type as GRE.
> [22:2,b] = 0x880B identifies the payload protocol as GRE.)
>
> The rules look like this:
>   Source         Destination    Service                   Action
>   PPTP-Clients   PPTP-Server    PPTP-Control PPTP-Data    Accept
>   PPTP-Server    PPTP-Clients   PPTP-Control PPTP-Data    Accept
>
>
> PPTP will work with Static NAT, but not HIDE NAT.
>
> > -----Original Message-----
> > From: Johnny Trujillo [mailto:[email protected]]
> > Sent: Tuesday, January 09, 2001 1:03 PM
> > To: [email protected]
> > Subject: [FW1] FW-1 and PPTP
> >
> >
> >
> > Has anyone there had experience of running MS VPN
> > PPTP through FW-1? We have the need to save and print
> > to a remote site in a secure way using Terminal Server
> > from our site servers to the user's site workstations
> > behind a CKP FW-1. They are using NAT and their FW
> > blocks their packets to come to us. Without the VPN
> > they can ping and traceroute to us; with PPTP enabled,
> > their FW blocks all packets to us. Any solutions,
> > suggestions?
> >
> > Thank you in advance
> >
> > ==============================================================
> > ==================
> >      To unsubscribe from this mailing list, please see the
> > instructions at
> >                http://www.checkpoint.com/services/mailing.html
> > ==============================================================
> > ==================
> >
>
>
>
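
An added illustration, not part of the original thread and not Check Point code: a Python sketch of what the quoted match `ip_p = 47, [22:2,b] = 0x880B` tests, assuming the offset counts from the start of the IP header, next to a parse that honours the IP header length. The function names and the sample packets are constructed for this example.

```python
import struct

GRE = 47        # the FAQ's "ip_p = 47"
PPP = 0x880B    # the FAQ's "[22:2,b] = 0x880B"; 0x880B is the PPP EtherType (RFC 2637)

def fixed_offset_match(pkt: bytes) -> bool:
    """Emulate the FAQ's match, assuming offsets count from the start of the IP header."""
    return (len(pkt) >= 24 and pkt[9] == GRE
            and struct.unpack_from("!H", pkt, 22)[0] == PPP)

def parse_pptp_gre(pkt: bytes):
    """IHL-aware parse of the enhanced GRE header; returns a dict, or None if not PPTP data."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != GRE:
        return None
    ihl = (pkt[0] & 0x0F) * 4                 # real IP header length, options included
    if ihl < 20 or len(pkt) < ihl + 8:
        return None
    flags, proto, payload_len, call_id = struct.unpack_from("!HHHH", pkt, ihl)
    # PPTP data uses GRE version 1 with the Key bit set; the key holds length + Call ID.
    if proto != PPP or (flags & 0x0007) != 1 or not (flags & 0x2000):
        return None
    return {"ihl": ihl, "payload_len": payload_len, "call_id": call_id}

def build_packet(options: bytes = b"", proto: int = PPP, call_id: int = 0x1234) -> bytes:
    """Constructed sample packet: IPv4 header, optional IP options, enhanced GRE header."""
    if len(options) % 4:
        raise ValueError("IP options must be padded to a multiple of 4 bytes")
    words = 5 + len(options) // 4
    gre = struct.pack("!HHHHI", 0x3001, proto, 0, call_id, 1)   # K+S bits, version 1, seq 1
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | words, 0, words * 4 + len(gre), 0, 0,
                     64, GRE, 0,                                 # checksum left at 0
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return ip + options + gre

if __name__ == "__main__":
    samples = {"no options": build_packet(),
               "with IP options": build_packet(options=b"\x01\x01\x01\x00"),
               "GRE carrying IPv4": build_packet(proto=0x0800)}
    for label, pkt in samples.items():
        print(f"{label:18} fixed-offset={fixed_offset_match(pkt)!s:5} "
              f"parsed={parse_pptp_gre(pkt)}")
```

The fixed offset lines up with the GRE protocol field only when the IP header is exactly 20 bytes. The Call ID returned by the parse is the only per-session field in the data channel, since GRE carries no ports.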






   All contents © 2004 Network Presence, LLC. All rights reserved.