I installed a w/s between the fw and the upstream router so Juan might want
to do that.

I try to connect to the PPTP/RRAS server and can see that it is blocked at
the fw (logging) with this (47) oh wow! it is GRE.

My problem is that I am sure the fw is set up to let protocol id 47 through.
Juan, try this and see if fw-1 stops proto id 47; I am sure that fw-1 has
good logging capabilities.

I should be able to fix this little problem today and will keep you posted!
Or if you fix it before I do, well, drop me a line!
Jean.

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Ben Nagy
> Sent: Sunday, November 21, 1999 10:48 PM
> To: 'Blanco, Juan'; '[EMAIL PROTECTED]'
> Cc: [EMAIL PROTECTED]
> Subject: RE: VPN via 2501 - Firewall-1 - NT
>
>
> I presume you mean TCP 1723...
>
> So, error 650 is remote server not responding - typical of cases where GRE
> isn't getting end to end.
>
> Check it with some sort of sniffer, if you can. Check to see if you're
> getting any GRE behind the router, and then check behind the firewall.
>
> Another thing that might be tripping you up - if you're using a Cisco box
> with NAT, you MUST either use real IP addresses or use a STATIC NAT mapping
> for the firewall, otherwise GRE stuff won't get passed through properly.
> Dynamic NAT is based on TCP sessions - it doesn't grok GRE.
>
> There may also be problems along these lines on the FW-1 box - I dunno, I'm
> not a FW1 guy.
>
> Cheers,
>
> --
> Ben Nagy
> Network Consultant, CPM&S Group of Companies
> PGP Key ID: 0x1A86E304  Mobile: +61 414 411 520
>
> > -----Original Message-----
> > From: Blanco, Juan [mailto:[EMAIL PROTECTED]]
> > Sent: Sunday, 21 November 1999 12:10 AM
> > To: '[EMAIL PROTECTED]'
> > Cc: [EMAIL PROTECTED]
> > Subject: VPN via 2501 - Firewall-1 - NT
> >
> >
> > Folks,
> >
> >
> > I am currently trying to set up a simple dial-up virtual networking
> > configuration. What I'm trying to do is allow remote users to dial
> > into their internet service over a standard dial-up phone line and from
> > there access the office network. Our server computer is running Windows NT
> > 4.0 behind the Firewall-1. The error message that we are receiving when
> > trying to do this with the VPN client is error 650:
> > I have Protocol 47 open at the firewall, and TCP port 172. I spoke to
> > checkpoint and they have no clue.
> >
> > Any help will be appreciated.....
> >
> >
> >
> > Thanks,
> >
> >
> > Tony
> >
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
> >
>
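
The sniffer check suggested in the quoted reply (look for GRE behind the router, then behind the firewall), as an added example that is not part of the original thread. It classifies raw IPv4 packets as PPTP control (TCP 1723) or PPTP data (GRE, protocol 47) and reports the first capture point where one of them is missing. The packets, addresses and capture-point names are constructed for illustration, and the enhanced-GRE match (version 1, protocol type 0x880B) comes from RFC 2637, not from the thread.

```python
import socket
import struct

PPTP_PORT, IPPROTO_TCP, IPPROTO_GRE = 1723, 6, 47

def classify(pkt: bytes) -> str:
    """Label a raw IPv4 packet: pptp-control, pptp-gre, other-gre or other."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "other"
    payload = pkt[(pkt[0] & 0x0F) * 4:]          # skip header incl. IP options
    if len(payload) < 4:
        return "other"
    a, b = struct.unpack("!HH", payload[:4])
    if pkt[9] == IPPROTO_TCP:                    # a, b = source and destination port
        return "pptp-control" if PPTP_PORT in (a, b) else "other"
    if pkt[9] == IPPROTO_GRE:                    # a = flags/version, b = protocol type
        # PPTP data uses enhanced GRE: version 1 carrying PPP (0x880B), RFC 2637
        return "pptp-gre" if (a & 0x7) == 1 and b == 0x880B else "other-gre"
    return "other"

def diagnose(points):
    """points: (name, packets) pairs ordered from the Internet side inward."""
    for name, packets in points:
        kinds = {classify(p) for p in packets}
        if "pptp-control" not in kinds:
            return f"TCP 1723 not seen {name}"
        if "pptp-gre" not in kinds:
            return f"GRE (protocol 47) not seen {name}"
    return "TCP 1723 and GRE seen at every capture point"

def ipv4(proto, payload, src="192.0.2.10", dst="198.51.100.5"):
    """Constructed packet: 20-byte IPv4 header, checksum zero, doc addresses."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

# Constructed samples: a SYN to TCP 1723 and one enhanced-GRE data packet
SYN = ipv4(IPPROTO_TCP, struct.pack("!HHIIBBHHH", 49152, 1723, 0, 0, 0x50, 2, 8192, 0, 0))
GRE = ipv4(IPPROTO_GRE, struct.pack("!HHHHI", 0x3001, 0x880B, 0, 1, 0))
CAPTURES = [("behind the router", [SYN, GRE]), ("behind the firewall", [SYN])]

if __name__ == "__main__":
    print(diagnose(CAPTURES))
```

With the constructed captures, the control connection reaches both points but GRE stops at the firewall, which is the pattern the thread associates with error 650.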
