RE: [FW1] PPTP
I missed an important piece of the log. The interface for the DMZ was the one dropping these packets. When I set it to no security policy it began to work. Why didn't this get logged as a drop by rule 0?

-----Original Message-----
From: Claussen, Ken [mailto:[email protected]]
Sent: Friday, November 03, 2000 11:50 AM
To: 'Kelly, John'
Subject: RE: [FW1] PPTP

PPTP uses Protocol TYPE 47 (not port), although it looks as if your inbound rule is OK. Do you have a corresponding outbound rule that matches the inbound? According to your log file the outbound connection for Protocol TYPE 47 is being dropped, which is the return traffic. Check out this document:

http://support.checkpoint.com/public/publisher.asp?id=af07b51c-b127-11d4-a9af-0800208d6adb&resource=&number=0&isExternal=0

It describes how to configure PPTP through the firewall.

Ken Claussen MCSE CCNA CCA
IT Coordinator
Retail Planning Associates

-----Original Message-----
From: Kelly, John [mailto:[email protected]]
Sent: Friday, November 03, 2000 11:08 AM
To: Fw-1-Mailinglist (E-mail)
Subject: [FW1] PPTP

I have been able to use a PPTP client from behind my FW-1 connecting to an external PPTP server. There is no NAT happening on the FW-1 for my internal network. I installed a PPTP server on my internal network and created the appropriate rules; however, I am unable to complete a connection from my PPTP client on the Internet. The connection hangs while authenticating the user. This client can connect to other PPTP servers, so it is not the client. I moved the PPTP server outside the firewall, and had no problems connecting. So I moved it back inside the firewall to the DMZ, which is NAT'd. I added the ARP to the router, the route on the firewall and on the router, and added the static translation. I still cannot complete the connection; it hangs on authentication.

My log shows the following:

Action  Service  Source                     Destination                Protocol
Accept  TCP1723  24.128.x.x                 PPTPServer(Valid Address)  tcp
Accept  34827    24.128.x.x                 PPTPServer(Valid Address)  47
Drop    34827    PPTPServer(Valid Address)  24.128.x.x                 47
Drop    34827    PPTPServer(Valid Address)  24.128.x.x                 47

This is also what happened when I moved the server back to the internal network and removed the NAT. Any ideas would be appreciated.

Thanks
john

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
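The symptom discussed in this thread, as an added example that is not part of the original messages: a Python check that reads log rows in the column order John posted (Action, Service, Source, Destination, Protocol) and reports PPTP peers whose TCP/1723 control connection is accepted while protocol 47 traffic is dropped in one direction. The sample rows, the `ClientB` peer and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample rows in the thread's column order:
# Action Service Source Destination Protocol
SAMPLE_LOG = """\
Accept TCP1723 24.128.x.x PPTPServer tcp
Accept 34827 24.128.x.x PPTPServer 47
Drop 34827 PPTPServer 24.128.x.x 47
Drop 34827 PPTPServer 24.128.x.x 47
Accept TCP1723 ClientB PPTPServer tcp
Accept 34827 ClientB PPTPServer 47
Accept 34827 PPTPServer ClientB 47
"""

GRE = "47"  # IP protocol number of the PPTP data channel


def parse(text):
    """Yield (action, service, src, dst, proto) for each five-field row."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 5:
            action, service, src, dst, proto = fields
            yield action.lower(), service.lower(), src, dst, proto.lower()


def broken_pptp_sessions(text):
    """Map (client, server) to the directions in which protocol 47 was
    dropped, for peers whose TCP/1723 control connection was accepted."""
    control = set()          # (client, server) pairs with TCP/1723 accepted
    gre = defaultdict(set)   # (src, dst) -> actions logged for protocol 47
    for action, service, src, dst, proto in parse(text):
        if proto == "tcp" and service.endswith("1723") and action == "accept":
            control.add((src, dst))
        elif proto == GRE:
            gre[(src, dst)].add(action)
    findings = {}
    for client, server in sorted(control):
        dropped = []
        if "drop" in gre.get((client, server), ()):
            dropped.append("client->server")
        if "drop" in gre.get((server, client), ()):
            dropped.append("server->client")
        if dropped:
            findings[(client, server)] = dropped
    return findings


if __name__ == "__main__":
    for (client, server), dirs in broken_pptp_sessions(SAMPLE_LOG).items():
        print(f"{client} <-> {server}: protocol 47 dropped {', '.join(dirs)}")
```

A finding of `server->client` matches the pattern in the posted log: the control channel and inbound protocol 47 pass, and the return traffic is dropped.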