GRE is used in pptp implimentations it is an ip service, ip 47, and is
often required with TCP port 1723 for passing pptp traffic <windows sec
protocol>.
Here's an article pulled up on google realting to this:
Subject:
Re: gre and cisco
From:
Eric Vyncke <[EMAIL PROTECTED]>
Date:
Fri, 03 Apr 1998 16:17:50 +0200
To:
[EMAIL PROTECTED], [EMAIL PROTECTED]
In-Reply-To:
<[EMAIL PROTECTED]>
At 06:46 2/04/98 -0500, [EMAIL PROTECTED] wrote:
>What are the IOS version requirements for passing PPTP through a cisco
box
>and does anyone know of a good place to get some setup examples?
Passing PPTP is quite simple, the extended ACL should permit:
- IP protocol 47 (= GRE)
- TCP port 1723 (= control port)
E.g.:
access-list 101 permit tcp xxx yyy eq 1723
access-list 101 permit 47 xxx yyy
And extended ACL are fairly old in IOS(these are the ACL with source and
destination
address), so, your router probably support them.
Now, beware that you just open a possibly wide security hole: the IOS
router
cannot check INSIDE the PPTP connection for IP-spoofing or any other
attack.
Best regards
-eric
Thanks,
Ron DuFresne
On Mon, 12 Mar 2001, Jesus Gonzalez wrote:
> Hi all,
> I have a question that I'm a bit embarassed to ask.
> We have users in our office that need access to a remote network that has a
> compatible systems (now Cisco) VPN switch. I was told that in order to
> allow this
> through our firewall, I had to open up ports TCP 500 and GRE47. My question
> concerns GRE. Is GRE a protocol like TCP/UDP/ICMP? Or is it a subset of
> TCP?
> In trying to configure my firewall (secure computing) I only see options for
> TCP and UDP ports when trying to map a port.
> Also, I believe I read in one of Cisco's tech bulletins that your Cisco
> router must be running a certain version of the IOS in order for this to
> work. WHY???
> Can someone please explain to me, in simple terms <grin> what exactly GRE
> is?
>
> Thanks in advance for your help!
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
