Not
so. We’ve been using PPTP through
our firewall without issue (required for MAC VPN). Are you sure you’re letting through everything you
need? We create a user-defined
service for PPTP, where the Match field is set to “ip_p = 47 or (tcp and dport=1723)”.
Brian D. Smith
InterOne Marketing Group
880 W. Long Lake
Troy, MI 48098-4504
-----Original
Message-----
From: Jabal P Raval
[mailto:[email protected]]
Sent: Friday, June 29, 2001 5:07
PM
To: Neil A Trevains
Cc:
[email protected]
Subject: Re: [FW1] FW-1 and PPTP
from what I
know, pptp won't work with NAT due to the fact that it has IP embeded into
payload. could be wrong though.
- Jabal
Neil A Trevains wrote:
Folks,I've got what is - I hope ;) - a quick query. I have a
client workstation on the 'clean' side of our firewall, that needs access to a
Windows 2000 VPN server running PPTP on the 'dirty' side of our firewall. Our
FW-1 performs NAT from our private address space to a single public IP address.
All the relevant services and rules have been set-up, but when you review the
logs, the returning part of the 'conversation' is pointing to the NATed
address, and that's where it gets hung up. Any ideas?Many thanks in
advance.Kind regards,Neil
Neil A Trevains
Chief Technology Officer
Direct:
+44 (0)20 7422 9642
Fax: +44 (0)20 7422 9647
Mobile: +44 (0)7900 212526
W3: www.traditiongroup.com/uk
Disclaimer:
The Company
For
the purposes of this disclaimer, "The Company" may be Tradition (UK)
Limited or any other division or wholly owned subsidiary of the Compagnie
Financière Tradition Group.
Receipt in Error
The
electronic mail message you have received and any files transmitted with it are
intended solely for the addressee(s) and may be legally privileged and/or
confidential.
If you
have received this email in error please delete it and all copies of it from
your system, destroy any hard copies of it and contact the sender. You should
not divulge copy, forward or use the contents, attachments or information in
any way. Any unauthorised use or disclosure may be unlawful.
Accuracy & Content
The
Company gives no warranty as to the accuracy or completeness of electronic mail
messages sent over the Internet and accepts no responsibility for changes made
after it was sent.
Any
opinion expressed in this email may be personal to the author, may not
necessarily reflect the opinions of the Company or its affiliates and may be subject
to change without notice.
Personal Information
Any
personal information contained in this e-mail is provided solely for the
purpose stated in the message and must not be disclosed to any third-party or
used for any other purpose without consent.
Monitoring Policy
All
electronic communications with the Company may be monitored in the UK in
accordance with the UK Regulation of Investigatory Powers Act, Lawful Business
Practice Regulations, 2000. If you do not consent to such monitoring, you
should contact the sender of the e-mail
**********************************************************************
This email and
any files transmitted with it are confidential and
intended solely
for the use of the individual or entity to whom they
are addressed.
If you have received this email in error please notify
the system
manager.
This footnote also confirms that this email message has been swept
by
MIMEsweeper for
the presence of computer viruses.
www.mimesweeper.com
**********************************************************************