<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content="text/html; charset=Windows-1252" http-equiv=Content-Type>
<META content="MSHTML 5.00.2919.6307" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV>Microsoft's PPTP uses two ports - I believe they are 1027 and 47. The
initial connection is made on port 1027, and then data is passed on port
47. It's been a long time since I read the specs, but they are up in
Microsoft's Knowledge base.</DIV>
<DIV> </DIV>
<DIV>If your router (the flowpoint box) is using masquerading then you will have
problems using MS PPTP. Most masquerading firewall/routers now have
patches to allow PPTP to pass through them. We use a Linux box as our
firewall/router and we had to apply a patch to our kernel so that the GRE
packets (port 47) would be redirected to the proper box inside our
firewall.</DIV>
<DIV> </DIV>
<DIV>Also, some ISP's do not pass GRE packets. You may want to confirm
with them that will allow PPTP to travel into and across their net.</DIV>
<DIV> </DIV>
<DIV>Also, check in with MS's knowledge base. They have lot of info
logged up their on getting your PPTP to work.</DIV>
<DIV> </DIV>
<DIV>Jon Carnes</DIV>
<DIV>MIS - HAHT Software</DIV>
<BLOCKQUOTE
style="BORDER-LEFT: #000000 2px solid; MARGIN-LEFT: 5px; MARGIN-RIGHT: 0px; PADDING-LEFT: 5px; PADDING-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B>
<A href="mailto:frank@computica.com" title=frank@computica.com>Frank R.
Boecherer</A> </DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A
href="mailto:VPN@SECURITYFOCUS.COM"
title=VPN@SECURITYFOCUS.COM>VPN@SECURITYFOCUS.COM</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Tuesday, January 18, 2000 10:12
PM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> Flowpoint and PPTP/VPN</DIV>
<DIV><BR></DIV>
<DIV><SPAN class=540344902-19012000>If you have (or not) experience with
Flowpoint routers, maybe you can offer some tips...</SPAN></DIV>
<DIV><SPAN class=540344902-19012000></SPAN> </DIV>
<DIV><SPAN class=540344902-19012000>We are trying to setup remote access to
our NT with one end of the connection being a remote computer
connected to the Internet via cable modem and using Microsoft's PPTP VPN
and the other end being the main office server with cable modem and a
Flowpoint ethernet to ethernet router.</SPAN></DIV>
<DIV><SPAN class=540344902-19012000></SPAN> </DIV>
<DIV><SPAN class=540344902-19012000>Everything seems to be going OK after
clickin the VPN dialup icon, but after the box that
says "</SPAN><SPAN class=540344902-19012000>Verifying user name and
password" comes up, the connection times out and we get an "Error 650: The
computer you're dialing in to does not respond<FONT size=2><FONT
face=Arial><SPAN class=520401003-19012000> to a network request. Check
your server type setting in the properties of the connection. If this
problem persists, check with your network
administrator.</SPAN></FONT></FONT>"</SPAN></DIV>
<DIV><SPAN class=540344902-19012000>
<DIV><SPAN class=540344902-19012000></SPAN></DIV></SPAN></DIV>
<DIV><SPAN class=540344902-19012000></SPAN> </DIV>
<DIV><SPAN class=540344902-19012000>We have filtering turned off, I believe,
on the server, but I read somewhere that we may need to turn on GRE protocol
47 in the router to allow the passing of certain packets or header data.
Can anyone explain what GRE is and maybe how to enable it on the Flowpoint and
if that is the problem we might be experiencing?</SPAN></DIV>
<DIV><SPAN class=540344902-19012000></SPAN> </DIV>
<DIV><SPAN class=540344902-19012000>Thanks</SPAN></DIV>
<DIV><SPAN class=540344902-19012000></SPAN> </DIV>
<DIV><SPAN class=540344902-19012000>Frank</SPAN></DIV>
<DIV> </DIV></BLOCKQUOTE></BODY></HTML>