
RE: [FW1] FW-1 and Microsoft VPN




IP protocol 47 is GRE.  

I had the same problem.  It was suggested that I switch from automatic NAT
rules to manual NAT.  I did and all of my troubles went away.

Chris

-----Original Message-----
From: Shaffer, Kurt
To: FW1 (E-mail)
Sent: 3/5/01 1:24 PM
Subject: [FW1] FW-1 and Microsoft VPN


Hopefully someone out there can give me some ideas. 

We have a Microsoft VPN server set up in our DMZ off a Checkpoint FW-1
Solaris box. Access to the VPN has been allowed for clients to access
the VPN using PPTP services. When this is tested we can watch the log
viewer and see the client getting through the firewall using PPTP and a
service labeled 34827. Then when the VPN server attempts to send packets
back to the client it uses the service labeled 34827 but the firewall is
dropping these packets. When testing it we opened up the rule for any
service to be accepted but they are still being dropped. The service
34827 uses a protocol simply labeled as 47.

Is there anyone out there who may have a similar setup and experienced
similar problems that might be able to help shed some light on this?

Thankx, 
Kurt Shaffer 
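
The following is an added example, not part of the original thread. PPTP uses a TCP control channel on port 1723 plus a data channel carried in enhanced GRE (IP protocol 47, RFC 2637), whose protocol-type field is 0x880B, which is 34827 in decimal, the same number the log in the question shows as the service. The packets, addresses and function names below are constructed for illustration.

```python
import struct

IPPROTO_TCP, IPPROTO_GRE = 6, 47
PPTP_CONTROL_PORT = 1723          # TCP control channel (RFC 2637)
PPTP_GRE_TYPE = 0x880B            # enhanced-GRE protocol type; 34827 in decimal

def parse_enhanced_gre(data: bytes) -> dict:
    """Parse the enhanced GRE header PPTP uses for its data channel."""
    if len(data) < 8:
        raise ValueError("truncated GRE header")
    flags, ptype, plen, call_id = struct.unpack("!HHHH", data[:8])
    hdr = {"version": flags & 0x0007, "key": bool(flags & 0x2000),
           "protocol_type": ptype, "payload_length": plen, "call_id": call_id}
    offset = 8
    # Optional 32-bit sequence (S bit) and acknowledgment (A bit) fields.
    for name, bit in (("seq", 0x1000), ("ack", 0x0080)):
        if flags & bit:
            if len(data) < offset + 4:
                raise ValueError("truncated GRE %s field" % name)
            hdr[name] = struct.unpack("!I", data[offset:offset + 4])[0]
            offset += 4
    hdr["is_pptp"] = hdr["version"] == 1 and hdr["key"] and ptype == PPTP_GRE_TYPE
    return hdr

def classify(packet: bytes) -> tuple:
    """Return (kind, number): the TCP port or GRE protocol type that identifies it."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl, proto = (packet[0] & 0x0F) * 4, packet[9]
    body = packet[ihl:]
    if proto == IPPROTO_TCP and len(body) >= 4:
        sport, dport = struct.unpack("!HH", body[:4])
        if PPTP_CONTROL_PORT in (sport, dport):
            return ("pptp-control", PPTP_CONTROL_PORT)
    elif proto == IPPROTO_GRE:
        # GRE has no port fields; the protocol type is what identifies the traffic.
        gre = parse_enhanced_gre(body)
        return ("pptp-data" if gre["is_pptp"] else "gre-other", gre["protocol_type"])
    return ("other", proto)

def ipv4(proto: int, payload: bytes) -> bytes:
    """Build a constructed IPv4 packet (checksum left 0; documentation addresses)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto,
                       0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])) + payload

# Constructed samples: one control-channel segment and one GRE data packet (call ID 7).
SAMPLE_CONTROL = ipv4(IPPROTO_TCP, struct.pack("!HH", 49152, 1723) + bytes(16))
SAMPLE_DATA = ipv4(IPPROTO_GRE, struct.pack("!HHHHI", 0x3001, PPTP_GRE_TYPE, 4, 7, 1)
                   + b"\xff\x03\xc0\x21")
```

A rule base that permits only TCP 1723 passes the first sample and not the second, so both the control port and IP protocol 47 have to be allowed in each direction.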


