Firewall Wizards mailing list archives

Re: Needed open ports other than 1723 for MS VPN?


From: Pamela Patterson <ppatters () montage ca>
Date: Thu, 22 Mar 2001 09:31:19 -0500

DThornton () TWEC COM wrote:

Just a quick simple question for most of you here I am sure. In trying to
allow as minimal amount of port openings being exposed. In doing so I am
running into a few problems while having others attempt to VPN into my main
server. I have opened 1723 to allow incoming traffic to the server but still
am experiencing problems allowing the clients to reach my network. Are there
any loopback ports (or any at all) required other than 1723 to complete a
VPN connection. I am hoping that I don't receive a response that 135 and 139
need to be opened up but if that's what it takes so be it. Thanks in
advance!!

You need to allow Generic Routing Encapsulation packets through (IP protocol 47),
which (if you're like me) you had never heard of until you tried to implement MS
PPTP.  How to do this depends on what firewall you are running.

For FW-1, I hear you must define the GRE Protocol 47 by creating a service "other"
and establish the Match attribute to ip_p=47.
_____________________________________________________
Pamela Patterson
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards
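
Added example, not part of the original post or of any firewall product: a minimal inbound PPTP policy expressed as a packet classifier, showing that GRE is matched on the IP header's protocol field (47) and has no port, while the control channel is TCP 1723. It goes one step beyond the thread by also requiring the enhanced GRE header PPTP uses (version 1, protocol type 0x880B, RFC 2637). The addresses, sample packets and the choice to drop non-first fragments are assumptions made for the example.

```python
import struct

PPTP_CONTROL_PORT = 1723                       # TCP control channel (from the thread)
IPPROTO_TCP, IPPROTO_GRE = 6, 47               # IP protocol numbers, not ports
PPTP_GRE_VERSION, PPTP_GRE_PROTO = 1, 0x880B   # enhanced GRE as used by PPTP (RFC 2637)

def classify(packet: bytes, server_ip: str) -> str:
    """Return 'allow' or 'deny' for one inbound IPv4 packet under a minimal PPTP policy."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "deny"                          # truncated or not IPv4
    ihl = (packet[0] & 0x0F) * 4               # header length varies with IP options
    if ihl < 20 or len(packet) < ihl:
        return "deny"
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    proto = packet[9]                          # the field a rule like ip_p=47 matches
    dst = ".".join(str(b) for b in packet[16:20])
    if dst != server_ip or frag_offset != 0:
        return "deny"                          # wrong host, or fragment without an L4 header
    payload = packet[ihl:]
    if proto == IPPROTO_TCP:
        if len(payload) < 4:
            return "deny"
        dport = struct.unpack("!H", payload[2:4])[0]
        return "allow" if dport == PPTP_CONTROL_PORT else "deny"
    if proto == IPPROTO_GRE:
        if len(payload) < 4:
            return "deny"
        flags, gre_proto = struct.unpack("!HH", payload[:4])
        ok = (flags & 0x0007) == PPTP_GRE_VERSION and gre_proto == PPTP_GRE_PROTO
        return "allow" if ok else "deny"
    return "deny"                              # everything else, including 135/139

def ipv4(proto, dst, payload, src="198.51.100.7"):
    """Build a constructed IPv4 packet (checksum left zero; classify() does not check it)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return hdr + payload

SERVER = "192.0.2.10"   # constructed documentation address standing in for the VPN server
SAMPLES = {             # constructed sample packets
    "pptp-control": ipv4(6, SERVER, struct.pack("!HH", 40000, 1723) + b"\0" * 16),
    "pptp-gre": ipv4(47, SERVER, struct.pack("!HHHH", 0x3001, 0x880B, 0, 1)),
    "netbios-139": ipv4(6, SERVER, struct.pack("!HH", 40000, 139) + b"\0" * 16),
    "plain-gre": ipv4(47, SERVER, struct.pack("!HH", 0x0000, 0x0800)),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:13s} {classify(pkt, SERVER)}")
```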

