Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] PPTP problem

To: "'Cosgriff, Joe'" <[email protected]>, "'[email protected]'" <[email protected]>
Subject: RE: [FW1] PPTP problem
From: "Miller, Byron" <[email protected]>
Date: Fri, 6 Oct 2000 14:25:28 -0400
Sender: [email protected]

I have PPTP running great through firewall-1.

My NT server is NAT'd by the firewall.  I just let the nat
default rules apply. I did have to allow the external and
internal interface of the PPTP servers to be allowed. PPTP
uses the external interface in the header and fw1 will drop
the packets unless you allow that.

Just setup your services, which look correct. Make sure you
have the arp and nat setup like you would any other service.

I also created a rule for each client that connects to only
allow pptp from specific hosts. (They're all static ip
dsl users.)

I even successfully PPTP to work from a NAT'd address behind
a linksys dsl router. It works really well!

-byron



-----Original Message-----
From: Cosgriff, Joe [mailto:[email protected]]
Sent: Friday, October 06, 2000 1:56 PM
To: '[email protected]'
Subject: [FW1] PPTP problem



I am trying to set up PPTP.  I am putting down what I did (will do), can
some one let me know if I am correct.  Thanks.

1)  Create a service PPTP-data;  ip_p=47,[22:2,b]=0x880B 

2)  Create objects; PPTP Client (10net) and PPTP server (other side IP)

3)  FW rule
	src				dst
service		action
(rule)	PPTP client IP address (10.*.*.*)	PPTP server (valid
destination IP)	TCP 1723	accept
	
PPTP-Data
	

(rule)	PPTP server			PPTP client
same		same
	
same

4)  router
nat the 10net device to the our external IP going out and our external to
10net inside.

5)  Should not need to nat it on the FW-1, correct?

Any help would be greatly appreciated.  Thanks.

Joseph L. Cosgriff
[email protected]



============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: RE: [FW1] VLAN-Checkpoint
Next by Date: Re: [FW1] Port-sensitive redirection to multiple servers using on e single Hide-NAT address
Previous by thread: [FW1] PPTP problem
Next by thread: [FW1] FW1 Session Auth exploit (fwd)
Index(es):
- Date
- Thread