RE: [FW1] RE: PPTP thru FW1
Hi,

I have got the same working and my setup details are as follows:

Services:

Pptp-data : ip_p=47,[22:2,b]=0x880B (type of service is User defined service)
PPTP-Highport : 34827 (type of service is TCP)
PPTP-TCP : 1723 (type of service is tcp)

Create a group called PPTP comprising of the above 3 services.

Assuming that u have a workstation object in the FW called local mapped to the actual IP (non-natted) address of the PPTP server and u have another object in the FW called local_valid mapped to the natted IP address of the PPTP server... add the following rules to ur rulebase

Local - Any - PPTP - Accept
Local_Valid
Any - Local - PPTP - Accept
Local_Valid

Hope this helps.

Regards,
Narendra

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Naresh Narang
Sent: Wednesday, May 02, 2001 3:47 AM
To: [email protected]; [email protected]; [email protected]
Subject: Re: [FW1] RE: PPTP thru FW1

I am sorry for sounding so foolish. I have set up static and Hide NATs already. Actually I meant whenever I try to add a service with gre protocol in the NAT rule (whether in a package or alone) Mgmt. console says this service is not allowed for NAT.

Thanks
Naresh

>From: Michael Tench <[email protected]>
>To: Naresh Narang <[email protected]>, [email protected], [email protected]
>Subject: Re: [FW1] RE: PPTP thru FW1
>Date: Tue, 1 May 2001 12:35:30 -0700 (PDT)
>
>To perform a manual static nat:
>
>Use the policy editor:
>1) Create object "foo"
>2) Create an object called "foo-external"
>3) Click on the tab labeled "address translation"
>4) Add a rule in the address translation policy original packet section with a source of object foo to destination of any. In the translation section enter a source of foo-external and destination of any.
>5) Add another rule in the address translation policy original packet section with a source of object any and a destination of object foo-external. In the translation section enter a source of any and a destination of foo.
>6) On the firewall create a route from foo external to foo. (In other words, Unix...route add 192.168.16.5 10.2.1.3 1
>
>You can also do this automatically, but I find that it is easier to do this manually if you operate a number of firewalls.
>
>Michael Tench
>
>On Tue, 01 May 2001 05:44:35 , Naresh Narang wrote:
> >
> > But how does one perform static or any NAT. Mgmt console does not let me do it.
> >
> > Naresh
> >
> > >From: "Carl E. Mankinen" <[email protected]>
> > >To: "Naresh Narang" <[email protected]>, <[email protected]>
> > >Subject: RE:
> > >Date: Sun, 29 Apr 2001 22:25:17 -0400
> > >
> > >Static NAT, yes PPTP works.
> > >Hide NAT, no PPTP doesn't.
> > >
> > >-----Original Message-----
> > >From: [email protected] [mailto:[email protected]]On Behalf Of Naresh Narang
> > >Sent: Saturday, April 28, 2001 5:39 AM
> > >To: [email protected]
> > >Subject:
> > >
> > >Hi,
> > >
> > >I am new to this list as well as FW1. I was trying to setup a PDS 2100 box running checkpoint smalloffice. It has vpn1 and fw1 ver 4.1 I have some issues and it will be great if someone could clarify.
> > >
> > >1. Does FW1 allow NATing of protocol 47? I came across several posts as well as on Phoneboy site it is mentioned that it does but it did not let me do that from Management console. Without this PPTPD won't work behind fw1.
> > >
> > >2. Is it possible for SecuRemote to work from a NATed environment. FW1 address is real though.
> > >
> > >Thanks,
> > >Naresh
> > >
> > >================================================================================
> > > To unsubscribe from this mailing list, please see the instructions at
> > > http://www.checkpoint.com/services/mailing.html
> > >================================================================================
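
The `Pptp-data` service defined in the message above matches IP protocol 47 with the value 0x880B at a fixed offset. As an added example (not part of the original thread and not Check Point code), the Python below compares that fixed-offset test with one that locates the GRE header from the IP header length. It assumes `[22:2,b]` means two big-endian bytes at offset 22 from the start of the IP header; the function names and the sample packets are constructed for illustration.

```python
import struct

GRE = 47                # IP protocol number for GRE
PPTP_GRE_TYPE = 0x880B  # GRE protocol type PPTP uses for its PPP payload

def match_fixed_offset(pkt: bytes) -> bool:
    """Literal reading of ip_p=47,[22:2,b]=0x880B (assumed semantics)."""
    return (len(pkt) >= 24 and pkt[9] == GRE
            and struct.unpack_from("!H", pkt, 22)[0] == PPTP_GRE_TYPE)

def match_header_aware(pkt: bytes) -> bool:
    """Same intent, but find the GRE header via IHL and require GRE version 1."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != GRE:
        return False
    ihl = (pkt[0] & 0x0F) * 4          # IP header length in bytes
    if ihl < 20 or len(pkt) < ihl + 4:
        return False
    flags_ver, proto = struct.unpack_from("!HH", pkt, ihl)
    return (flags_ver & 0x0007) == 1 and proto == PPTP_GRE_TYPE

def build_ipv4(proto: int, payload: bytes, options: bytes = b"") -> bytes:
    """Constructed sample packet (checksum left at 0, documentation addresses)."""
    ihl_words = 5 + len(options) // 4
    header = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl_words, 0,
                         ihl_words * 4 + len(payload), 0, 0, 64, proto, 0,
                         bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return header + options + payload

# Constructed samples: PPTP data (enhanced GRE, K and S bits set, version 1),
# ordinary GRE version 0 carrying IPv4, PPTP data behind 4 bytes of IP options,
# and a non-GRE packet.
PPTP_GRE = struct.pack("!HHHHI", 0x3001, PPTP_GRE_TYPE, 0, 1, 1)
PLAIN_GRE = struct.pack("!HH", 0x0000, 0x0800) + b"\x00" * 8
SAMPLES = {
    "pptp": build_ipv4(GRE, PPTP_GRE),
    "plain_gre": build_ipv4(GRE, PLAIN_GRE),
    "pptp_ip_options": build_ipv4(GRE, PPTP_GRE, options=b"\x01" * 4),
    "tcp": build_ipv4(6, b"\x00" * 20),
}

def compare() -> dict:
    """Return {sample: (fixed_offset_match, header_aware_match)}."""
    return {name: (match_fixed_offset(p), match_header_aware(p))
            for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, result in compare().items():
        print(f"{name:16} fixed={result[0]} header_aware={result[1]}")
```

The two tests agree whenever the IP header is 20 bytes long; they differ only for the sample carrying IP options, where offset 22 falls inside the options rather than on the GRE protocol type.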