Re: VPNS/access-list question

Sat, 29 Jul 2000 16:22:38 -0700 


There's two things you need to allow for MS PPTP (I assume that's what
you're using.)

Port 1723 tcp, and either GRE (protocol 47) for NT4 or IPSec (protocol
50) for Win2k.  I know NT4 uses GRE and this setup will work, but I've
heard Win2k has an option to use IPSec instead.  Either way allow
whichever one you decide to use on your VPN server.

access-list 105 permit tcp any host X.X.X.X eq 1723
access-list 105 permit gre any host X.X.X.X   (Use this if you're using
PPTP with GRE)

access-list 105 permit 50 any host X.X.X.X    (use this for PPTP with
IPSec)



On Sat, 29 Jul 2000 [EMAIL PROTECTED] wrote:

> I have setup this acces-list going to the Internet, I have a few 2000 
> Server's some worksta's as well. I have VPNS setup on one of my 2000  Server 
> and want to be able to access this network from the Internet, I have the 
> server setup for VPN, but with this new access-list I put up I can no longer 
> get to my VPN server no more. The server IP address is 198.168.1.10 and yes I 
> am running NAT on my router, not PAT.
> What kind of access-list do I need to be able to gain access to my VPNS 
> without showing my tcp 137-139 and udp 137-139 to my Server.
> 
> Thanks
> 
> 
>  Ethernet0
>    ip address X.X.X.X 255.255.255.0
>    ip access-group 105 out
> 
>   BRI0
>   ip address 10.1.1.1 255.255.255.0
> 
> 
> access-list 105 permit tcp any any established log
> access-list 105 deny   udp any any eq 135 log
> access-list 105 deny   udp any any eq 136 log
> access-list 105 deny   udp any any eq netbios-ns log
> access-list 105 deny   udp any any eq netbios-dgm log
> access-list 105 deny   udp any any eq netbios-ss log
> access-list 105 permit udp any any log
> access-list 105 permit icmp any any log              
> 
> Brian
> Email Address [EMAIL PROTECTED]
> 
> ___________________________________
> UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info: http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> 

___________________________________
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Reply via email to