RE: [FW1] RE: PPTP thru FW1



Hi,

I have got the same working and my setup details are as follows:

Services:

Pptp-data : ip_p=47,[22:2,b]=0x880B (type of service is User defined service)
PPTP-Highport : 34827 (type of service is TCP)
PPTP-TCP : 1723 (type of service is TCP)

Create a group called PPTP comprising the above 3 services.

Assuming that you have a workstation object in the FW called local mapped to
the actual IP (non-NATed) address of the PPTP server and you have another
object in the FW called local_valid mapped to the NATed IP address of the
PPTP server, add the following rules to your rulebase:

Source        Destination   Service   Action
Local         Any           PPTP      Accept
Local_Valid

Any           Local         PPTP      Accept
              Local_Valid

Hope this helps.

Regards,


Narendra
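
What the Pptp-data service definition above tests, shown as an added example that is not part of the original message and is not FireWall-1 code. It assumes `ip_p=47,[22:2,b]=0x880B` means "IP protocol 47 and a big-endian 16-bit value of 0x880B at byte offset 22 of the IP packet", which is the GRE protocol-type field when the IP header is 20 bytes; the function names and sample packets are constructed for illustration.

```python
import struct

GRE = 47                 # IP protocol number for GRE
PPP_TYPE = 0x880B        # GRE protocol type carried by PPTP's enhanced GRE

def build_ip_gre(gre_type, ip_options=b""):
    """Constructed sample: IPv4 header (+ options), then an 8-byte GRE header."""
    ihl = 5 + len(ip_options) // 4            # options must be a multiple of 4 bytes
    gre = struct.pack("!HHHH", 0x2001, gre_type, 0, 1)   # flags/ver, type, len, call ID
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, ihl * 4 + len(gre), 0, 0,
                     64, GRE, 0, bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    return ip + ip_options + gre

def match_fixed_offset(pkt):
    """Literal reading of ip_p=47,[22:2,b]=0x880B: byte 9, then 2 bytes at offset 22."""
    if len(pkt) < 24:
        return False
    return pkt[9] == GRE and struct.unpack_from("!H", pkt, 22)[0] == PPP_TYPE

def match_ihl_aware(pkt):
    """Same test, but finding the GRE header from the IP header-length field."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or (pkt[0] & 0x0F) < 5:
        return False
    off = (pkt[0] & 0x0F) * 4 + 2             # skip IP header and GRE flags/version
    if len(pkt) < off + 2:
        return False
    return pkt[9] == GRE and struct.unpack_from("!H", pkt, off)[0] == PPP_TYPE

SAMPLES = {   # all constructed for this example
    "pptp_gre": build_ip_gre(PPP_TYPE),
    "other_gre": build_ip_gre(0x0800),                       # GRE carrying IPv4
    "pptp_gre_ip_options": build_ip_gre(PPP_TYPE, b"\x01\x01\x01\x00"),
}

def evaluate():
    """Return {sample name: (fixed-offset match, IHL-aware match)}."""
    return {name: (match_fixed_offset(p), match_ihl_aware(p)) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, (fixed, aware) in evaluate().items():
        print(f"{name:22} fixed-offset={fixed!s:5} ihl-aware={aware}")
```

Under that reading, the definition admits only GRE that carries PPP rather than all of protocol 47, and a PPTP packet with IP options would not match the accept rule because the protocol-type field is no longer at offset 22.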




 -----Original Message-----
From: 	[email protected] [mailto:[email protected]] On Behalf Of Naresh Narang
Sent:	Wednesday, May 02, 2001 3:47 AM
To:	[email protected]; [email protected]; [email protected]
Subject:	Re: [FW1] RE: PPTP thru FW1


I am sorry for sounding so foolish. I have set up static and Hide NATs
already. Actually I meant whenever I try to add a service with gre protocol
in the NAT rule (whether in a package or alone) Mgmt. console says this
service is not allowed for NAT.

Thanks
Naresh


>From: Michael Tench <[email protected]>
>To: Naresh Narang <[email protected]>, [email protected],
>[email protected]
>Subject: Re: [FW1] RE: PPTP thru FW1
>Date: Tue, 1 May 2001 12:35:30 -0700 (PDT)
>
>To perform a manual static nat:
>
>Use the policy editor:
>1) Create object "foo"
>2) Create an object called "foo-external"
>3) Click on the tab labeled "address translation"
>4) Add a rule in the address translation policy original packet section with
>a source of object foo to destination of any. In the translation section
>enter a source of foo-external and destination of any.
>5) Add another rule in the address translation policy original packet
>section with a source of object any and a destination of object
>foo-external.  In the translation section enter a source of any and a
>destination of foo.
>6) On the firewall create a route from foo external to foo. (In other words,
>Unix...route add 192.168.16.5 10.2.1.3 1
>
>You can also do this automatically, but I found that it is easier to do this
>manually if you operate a number of firewalls.
>
>Michael Tench
>
>
>On Tue, 01 May 2001 05:44:35 , Naresh Narang wrote:
>
> >
> >  But how does one perform static or any NAT. Mgmt console does not let me do
> >  it.
> >
> >  Naresh
> >
> >
> >  >From: "Carl E. Mankinen" <[email protected]>
> >  >To: "Naresh Narang" <[email protected]>,
> >  ><[email protected]>
> >  >Subject: RE:
> >  >Date: Sun, 29 Apr 2001 22:25:17 -0400
> >  >
> >  >Static NAT, yes PPTP works.
> >  >Hide NAT, no PPTP doesn't.
> >  >
> >  >-----Original Message-----
> >  >From: [email protected]
> >  >[mailto:[email protected]]On Behalf Of Naresh Narang
> >  >Sent: Saturday, April 28, 2001 5:39 AM
> >  >To: [email protected]
> >  >Subject:
> >  >
> >  >
> >  >
> >  >Hi,
> >  >
> >  >I am new to this list as well as FW1. I was trying to set up a PDS 2100 box
> >  >running checkpoint smalloffice. It has vpn1 and fw1 ver 4.1. I have some
> >  >issues and it will be great if someone could clarify.
> >  >
> >  >1. Does FW1 allow NATing of protocol 47? I came across several posts as well
> >  >as on Phoneboy site it is mentioned that it does but it did not let me do
> >  >that from Management console. Without this PPTPD won't work behind fw1.
> >  >
> >  >2. Is it possible for SecuRemote to work from a NATed environment. FW1
> >  >address is real though.
> >  >
> >  >Thanks,
> >  >Naresh

================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 