Yes, I have 2 rules defined. I have one going Any -> VPN (service -> any) as well as VPN -> any (service -> any). I have also tried Any -> VPN (service: PPTP, GRE [ip_p = 47]) and VPN -> any (service: PPTP, GRE) and I still get the same error code 721 on the Win 2000 client. If you look at error code 721, it defines it as a problem with the PPP protocol in that a PPP link was not able to be established. From what I understand, a connection is made, and then where the PPP comes in is creating an encrypted channel for the passing of authentication information and eventually the creation of the IP tunnel. I believe I am getting stuck at the authentication part because on the status indicator on the client, I always see 2 messages. One is connecting, and the other says verifying username and password, and it always hangs on the latter. I have checked and double-checked to make sure that the username and password are correct and that the users are allowed to connect via VPN. I have connected to the VPN server from a client on the internal LAN with no problems, but that is pointless. I need it to work through the firewall.

Thanks for your help.

Ryan

-----Original Message-----
From: Su, Michael [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 9:55 PM
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] PPTP through Checkpoint

Static NAT will work for PPTP. Did you allow returning GRE to your PPTP client from your PPTP server?

Michael Su
Security Engineer
Atos Origin

-----Original Message-----
From: Ryan Realivasquez [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 1 October 2002 2:20 PM
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] PPTP through Checkpoint

How do I get away from NAT while behind a Checkpoint 4.1 firewall? I am currently using Static NAT to translate a routable IP to the server's internal IP. Is there another way than that?

Thanks,
Ryan

-----Original Message-----
From: Bill Husler [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 7:58 PM
To: Mailing list for discussion of Firewall-1 <[EMAIL PROTECTED]>; Ryan Realivasquez
Subject: Re: [FW-1] PPTP through Checkpoint

I did some testing with PPTP and never got it to work in combination with NAT. When I removed NAT, it worked fine.

Bill

On 9/30/02 6:46 PM, "Ryan Realivasquez" <[EMAIL PROTECTED]> wrote:
I am using Checkpoint 4.1 and I am trying to set up a PPTP VPN server using Win 2000. I have opened up the proper ports as well as the GRE IP protocol 47 in the firewall. For some reason though, I will connect to the server and the client will attempt to log in, but I get an error 721 on the Win 2000 VPN client. I have read where this error can indicate that GRE traffic is not getting through, but I used the PPTP test tool that is on the Win2000 server CD and it says that GRE traffic is getting through. Any ideas? I am using a Static NATted Win 2000 server, and a Win 2000 Pro client.
Thanks,
Ryan
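
Added example, not part of the original thread or written by any of its participants: a small Python check that reads raw IPv4 packets captured on one side of the firewall and reports which leg of the PPTP exchange (TCP 1723 control, IP protocol 47 GRE, each direction) is missing, which is the question raised above about returning GRE. The addresses, the packet builders and the sample capture are constructed; pass as `server` whichever address the server has at the capture point (the static NAT address when capturing outside the firewall).

```python
import socket
import struct

PPTP_PORT = 1723   # PPTP control channel (TCP)
GRE_PROTO = 47     # IP protocol number for GRE, which carries the PPP frames
TCP_PROTO = 6

def ipv4(src, dst, proto, payload=b""):
    """Build a minimal IPv4 packet (constructed sample data, checksum left 0)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def tcp(sport, dport):
    """Minimal 20-byte TCP header; only the ports matter for this check."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)

def classify(packets, server):
    """Record which PPTP flows were seen in each direction relative to server."""
    seen = {"ctrl_to_server": False, "ctrl_from_server": False,
            "gre_to_server": False, "gre_from_server": False}
    for pkt in packets:
        ihl = (pkt[0] & 0x0F) * 4          # IP header length in bytes
        proto = pkt[9]
        src = socket.inet_ntoa(pkt[12:16])
        dst = socket.inet_ntoa(pkt[16:20])
        if server not in (src, dst):
            continue
        direction = "to_server" if dst == server else "from_server"
        if proto == GRE_PROTO:
            seen["gre_" + direction] = True
        elif proto == TCP_PROTO and len(pkt) >= ihl + 4:
            sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
            if (dport if direction == "to_server" else sport) == PPTP_PORT:
                seen["ctrl_" + direction] = True
    return seen

def diagnose(seen):
    """Name the first missing leg of the exchange, or 'ok' if all four exist."""
    for leg in ("ctrl_to_server", "ctrl_from_server",
                "gre_to_server", "gre_from_server"):
        if not seen[leg]:
            return "missing " + leg
    return "ok"

# Constructed capture: control channel both ways, GRE only client -> server.
CLIENT, SERVER = "198.51.100.10", "203.0.113.5"
SAMPLE = [ipv4(CLIENT, SERVER, TCP_PROTO, tcp(1045, PPTP_PORT)),
          ipv4(SERVER, CLIENT, TCP_PROTO, tcp(PPTP_PORT, 1045)),
          ipv4(CLIENT, SERVER, GRE_PROTO, b"\x30\x01\x88\x0b")]
```

Running `diagnose(classify(SAMPLE, SERVER))` on the constructed capture names the return GRE leg as missing; comparing the result from captures taken on each side of the firewall shows where protocol 47 stops.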
