PPTP server (continued..)

Sandy Green sand232 at YAHOO.COM
Mon Feb 28 10:20:59 EST 2000 

continuing on this thread i wanted to know about the
implementation of PPTP.
PPTP as i have implemented is basically a client to
gateway implementation. ie a client connects to a
PPTP gateway and can connect to hosts behind the
gateway under the tunnel.
what about PPTP in a gateway to gateway
implementation.
is it possible to implement in a gateway to gateway
configuration. if yes, do let me if any one of you has

done this.
thanks all
sandy


--- David Gillett <dgillett at NIKU.COM> wrote:
>   TCP is IP protocol no 6.  UDP is no 17.  I think
> ICMP is no 1.  Port
> numbers are a feature of TCP and UDP; ICMP has
> "types" and other IP
> protocols may or may not have mechanisms for
> identifying subsets.  GRE is a
> separate IP protocol, and does not use port numbers
> within TCP or UDP.
>   It is quite possible that your router is blocking
> GRE; in general,
> firewalls block everything except what they are told
> to allow.
>
> David Gillett
> Enterprise Server Manager, Niku Corp.
> (650) 701-2702
> "Transforming the Service Economy"
>
> -----Original Message-----
> From: VPN Mailing List
> [mailto:VPN at SECURITYFOCUS.COM]On Behalf Of John
> Hayward
> Sent: February 24, 2000 20:37
> To: VPN at SECURITYFOCUS.COM
> Subject: Re: PPTP server
>
>
> > installed on the hosts. And if one is using PPTP
> in
> > all
> > probability it would need to be able to go through
> a
> > firewall. For the Firewal to allow PPTP traffic to
> > flow
> > through it you would need the following to be
> opened
> > between the relevant sources/desinations...
> > TCP port 1723 and IP protocol no 47 (which is
> GRE).
>
> I'm a bit confused by IP protocol no 47.  Is this a
> port number or
> something else.  We have a person attempting to
> connect via pptp thru
> our firewall router  and we generally block ports
> below 1024.  I did a
> tcpdump and can see connections going to port 1723
> and acks coming back
> but it dies at some point in the negociations.  Does
> port 47 have to be
> open or might the the router be blocking protocol no
> 47 (GRE)?
>
> TIA
>
> johnh...
> >
> > -sandy
>
> VPN is sponsored by SecurityFocus.COM
>
> VPN is sponsored by SecurityFocus.COM
>
__________________________________________________
Do You Yahoo!?
Talk to your friends online with Yahoo! Messenger.
http://im.yahoo.com

VPN is sponsored by SecurityFocus.COM

More information about the VPN mailing list