
[FW1] PPTP through Check Point FW-1 using static NAT



I am having trouble in getting PPTP to work through a Check Point firewall
(Ver 4.1 SP2) using static NAT. I have set the firewall up according to the
instructions laid out on the Phoneboy site ==> 

****************************************************************************
You must add a rule permitting access between your PPTP clients and server.
PPTP uses two services:
* TCP port 1723 for a control session
* A variation of the GRE protocol (IP Protocol 47) for data.
To create this last service, create the service as a service of type Other.
For the name, use PPTP-Data. In the match field, put:
ip_p = 47, [22:2,b] = 0x880B
(Note: ip_p = 47 identifies the IP protocol type as GRE. [22:2,b] = 0x880B
identifies the payload protocol as GRE.)
The rules look like this:

Source        Destination   Service                   Action
PPTP-Clients  PPTP-Server   PPTP-Control, PPTP-Data   Accept
PPTP-Server   PPTP-Clients  PPTP-Control, PPTP-Data   Accept

PPTP will work with Static NAT, but not HIDE NAT.
****************************************************************************

The Problem:

Basically the PPTP session gets set up okay and the user is prompted for a
username and password.  Upon sending this info the session times out after
about 30 secs and yields some generic failure message (can't recall exactly
what at the moment). The NT event log on the PPTP server (NT 4.0 SP5) shows
the following error:

Event ID: 20777.  An error occurred in the point to point protocol module on
VPNx. The PPP negotiation is not converging.

If the PPTP server is moved outside the firewall (in parallel with the
firewall), everything works just fine.  I have done sniffer traces with the
PPTP server in both locations to get a comparison.  The data shows that the
session gets administratively reset by the PPTP server with no errors.  Does
anyone have any idea on what might be wrong or what I might try?  Any help
would be much appreciated. 

Thanks
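
What the match expression quoted above tests, shown on packets built for the purpose. This is an added example, not part of the original post or of the quoted instructions. It assumes that `[22:2,b]` reads two bytes, big-endian, at offset 22 from the start of the IP header; the function names, addresses and sample packets are constructed for illustration.

```python
import struct

IPPROTO_GRE = 47       # "ip_p = 47" in the quoted match
GRE_TYPE_PPP = 0x880B  # value the quoted match expects in "[22:2,b]"

def fixed_offset_match(pkt: bytes) -> bool:
    """Literal reading of 'ip_p = 47, [22:2,b] = 0x880B' (assumed semantics:
    offsets count from the first byte of the IP header, big-endian)."""
    if len(pkt) < 24:
        return False
    return pkt[9] == IPPROTO_GRE and struct.unpack_from("!H", pkt, 22)[0] == GRE_TYPE_PPP

def gre_protocol_type(pkt: bytes):
    """Header-aware check: find GRE using the IP header length (IHL) field."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or pkt[9] != IPPROTO_GRE or len(pkt) < ihl + 4:
        return None
    return struct.unpack_from("!H", pkt, ihl + 2)[0]

def build_packet(ip_options: bytes = b"", gre_type: int = GRE_TYPE_PPP) -> bytes:
    """Constructed sample: IPv4 header (checksum left 0) + GRE ack-only header."""
    if len(ip_options) % 4:
        raise ValueError("IP options must be padded to a multiple of 4 bytes")
    ihl_words = 5 + len(ip_options) // 4
    # Enhanced GRE as used by PPTP: K and A bits set, version 1, call ID 1.
    gre = struct.pack("!HHHHI", 0x2081, gre_type, 0, 1, 0)
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl_words, 0,
                     ihl_words * 4 + len(gre), 0, 0, 64, IPPROTO_GRE, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return ip + ip_options + gre

if __name__ == "__main__":
    samples = {
        "PPTP data, 20-byte IP header": build_packet(),
        "PPTP data, IP options present": build_packet(b"\x01\x01\x01\x00"),
        "GRE carrying IPv4 (not PPTP)": build_packet(gre_type=0x0800),
    }
    for name, pkt in samples.items():
        print(f"{name}: fixed-offset={fixed_offset_match(pkt)} "
              f"gre_type={gre_protocol_type(pkt):#06x}")
```

The second sample shows the limit of a fixed-offset match: with IP options present, offset 22 no longer falls on the GRE protocol type field, so the service would not match that packet.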



   All contents © 2004 Network Presence, LLC. All rights reserved.