Re: [FW-1] PPTP Connections through Hide NAT




Hi all,
Yves is right, what I need to do is have my Hide NAT clients connect out to PPTP servers at customers' sites.
The document http://www.phoneboy.com/docs/UDP-Encapsulation.htm explains what the problem is, considering that PPTP uses IP protocol 47, there are no ports available for the NAT mapping. Reading that however, I expected FW1 to be able to let at least one client communicate with a PPTP server, but it's not.

Answering your question, Yves, both ISA and Guardian can do this in a similar setup, private IP address clients, NAT'ed out on one public IP can PPTP out to a remote server. More than one at the same time.

Taking this a different way, do you have suggestions on how to spy on how ISA does this?
Thanks

alex




-----Original Message-----
From: Yves Belle-Isle [mailto:[email protected]]
Sent: Wednesday, January 16, 2002 6:31 PM
To: [email protected]
Subject: Re: [FW-1] PPTP Connections through Hide NAT


What Alessandro wants to do is to have many PPTP clients behind the FW-1 establishing connections to PPTP servers at his customers' sites, as I understand it.

You, Jeremy, refer him to a paper which speaks of supporting a PPTP server behind a FW-1.

That paper is almost obsolete in FW-1 4.1 because those services are already defined in the product.

I myself run such a PPTP server behind a FW-1 4.1, but I don't use NAT for that server and the paper you mention doesn't either.

I use PPTP clients behind the FW-1 4.1 to access clients' LANs and it works, but I don't use NAT at all...

So we did not respond to Alessandro's question, which was: How do I set up my FW-1 so I can have PPTP clients behind my FW-1 accessing PPTP servers at customers' locations and have those PPTP clients behind a hide NAT address?

I don't have the answer as I don't have that problem; I hope someone else can answer his question.

By the way, Jeremy, did you try to have PPTP clients with private IP addresses behind your ISA or Guardian firewall, doing NAT to a public address for those PPTP clients, establishing connections to a remote PPTP server? Did it work?

At 09:16 2002-01-16, Jeremy Morrill wrote:

> I have used ISA and Guardian (no longer in business) and
> they both do PPTP flawlessly without any type of special
> configuration. Checkpoint however is a different story. See the
> following document for proper configuration of PPTP with Checkpoint
> FW-1.
>
> ftp://ftp.andover.edu/test/pptp.pdf
>
> -JRM
>
>Jeremy Morrill
>Network Project Manager
>Phillips Academy
>E-mail: [email protected]
>
>-----Original Message-----
>From: Mailing list for discussion of Firewall-1
>[mailto:[email protected]] On Behalf Of Antoniani, Alessandro
>Sent: Tuesday, January 15, 2002 11:48 AM
>To: [email protected]
>Subject: [FW-1] PPTP Connections through Hide NAT
>
>
>
>Hi all,
>we have FW-1 protecting our LAN with Hide NAT. Our users need to
>connect to customers' LANs using PPTP VPNs with the standard Windows
>2000 client. I've tried to configure the rule base to allow for this,
>but it seems that the only way to have a LAN client connect is to set up
>a static NAT for the client, while what I really want is to have
>anybody on the LAN be able to do it without requesting a particular
>configuration to IT.
>
>ISA Server does this easily, our old firewall (Guardian) could do this
>without problems as well, anybody have suggestions?
>
>Thanks in advance
>
>alex
>
>_________________________________
>Alessandro Antoniani, IT Manager
>Bowne Global Solutions, formerly Mendez
>
>Office  Via Ripamonti, 131/133
>        20141 Milano, Italy
>Phone   +39 02 53570225
>Mobile  +39 335 453629
>Fax     +39 02 53570222
>[email protected]
>www.bowneglobal.com
>
>


------------------------------------------------------------
Yves Belle-Isle V.P. VE2YBI YB17        Email: [email protected]
Responsable des Systemes                Tel: 
Sogi Informatique Ltee.                 Fax: 
------------------------------------------------------------
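
Added example, not part of the thread and not code from Check Point, ISA Server or Guardian: PPTP data travels in enhanced GRE (IP protocol 47, RFC 2637), which has no ports, but its header carries a 16-bit Call ID that a NAT device can track the way it tracks a port. The sketch below contrasts a hide NAT that can key GRE only on the remote address with one keyed on the Call ID; the class names, addresses and sample headers are constructed for illustration, and the thread does not say which method ISA or Guardian actually use.

```python
import struct

GRE_PPP = 0x880B  # protocol type for PPP carried in enhanced GRE (RFC 2637)

def gre_call_id(gre: bytes) -> int:
    """Return the Call ID from an enhanced GRE (version 1) header."""
    if len(gre) < 8:
        raise ValueError("truncated GRE header")
    flags, proto, _length, call_id = struct.unpack("!HHHH", gre[:8])
    # K bit (0x2000) must be set and the version field (low 3 bits) must be 1
    if not (flags & 0x2000) or (flags & 0x0007) != 1 or proto != GRE_PPP:
        raise ValueError("not PPTP enhanced GRE")
    return call_id

class ProtocolOnlyNat:
    """Hypothetical hide NAT that can key protocol 47 only on the remote address."""
    def __init__(self):
        self.table = {}
    def outbound(self, client, server):
        self.table[server] = client          # a second client overwrites the first
    def inbound(self, server, gre):
        return self.table.get(server)

class CallIdNat:
    """Hypothetical hide NAT that uses the Call ID where TCP/UDP would use a port."""
    def __init__(self):
        self.table = {}   # (server, public call id) -> (client, client's own call id)
    def outbound(self, client, server, call_id):
        public_id = call_id
        while (server, public_id) in self.table:   # two clients picked the same id
            public_id = (public_id + 1) & 0xFFFF
        self.table[(server, public_id)] = (client, call_id)
        return public_id   # id the server must be given on the TCP 1723 control channel
    def inbound(self, server, gre):
        return self.table.get((server, gre_call_id(gre)))

def make_gre(call_id: int, seq: int = 0) -> bytes:
    """Constructed sample header: K and S bits set, version 1, empty payload."""
    return struct.pack("!HHHHI", 0x3001, GRE_PPP, 0, call_id, seq)

def demo():
    server = "198.51.100.7"                  # constructed addresses
    naive, alg = ProtocolOnlyNat(), CallIdNat()
    for client in ("10.0.0.11", "10.0.0.12"):
        naive.outbound(client, server)
    id_a = alg.outbound("10.0.0.11", server, 1)
    id_b = alg.outbound("10.0.0.12", server, 1)   # both clients chose Call ID 1
    return (naive.inbound(server, make_gre(1)),
            alg.inbound(server, make_gre(id_a)), alg.inbound(server, make_gre(id_b)))
```

In demo() the protocol-only table hands the server's reply to whichever client connected last, while the Call ID table returns each client together with the Call ID it originally chose.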
