Title: Message
What do the logs say? You can't really NAT PPTP, it generally only works for the first connection. Any subsequent connections will fail until the first connection has timed out.
 
Maybe you should use SecureClient/SecuRemote, and run the PPTP session through the Client to Firewall VPN.
 
First things first, try to connect, and check the logs, they are your friend :)
-----Original Message-----
From: Ryan Realivasquez [mailto:[EMAIL PROTECTED]]
Sent: 01 October 2002 07:25
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] PPTP through Checkpoint

Yes, I have 2 rules defined. I have one going Any -> VPN (service -> any) as well as VPN -> any (service -> any). I have also tried Any -> VPN (service: PPTP, GRE [ip_p = 47]) and VPN -> any (service PPTP, GRE) and I still get the same error code 721 on the Win 2000 client. If you look at error code 721 it defines it as a problem with the PPP protocol in that a PPP link was not able to be established. From what I understand, a connection is made, and then where the PPP comes in is creating an encrypted channel for the passing of authentication information and eventually the creation of the IP tunnel. I believe I am getting stuck at the authentication part because on the status indicator on the client, I always see 2 messages. One is connecting, and the other says verifying username and password and it always hangs on the latter. I have checked and double checked to make sure that the username and password are correct and that the users are allowed to connect via VPN. I have connected to the VPN server from a client on the internal LAN with no problems but that is pointless. I need it to work through the firewall.
 
Thanks for your help.
 
Ryan
-----Original Message-----
From: Su, Michael [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 9:55 PM
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] PPTP through Checkpoint

Static NAT will work for PPTP. Did you allow returning GRE to your PPTP client from your PPTP server?
 
Michael Su
Security Engineer
Atos Origin

-----Original Message-----
From: Ryan Realivasquez [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 1 October 2002 2:20 PM
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] PPTP through Checkpoint

How do I get away from NAT while behind a Checkpoint 4.1 firewall? I am currently using Static NAT to translate a routable IP to the server's internal IP. Is there another way than that?
 
Thanks,
 
Ryan
-----Original Message-----
From: Bill Husler [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 7:58 PM
To: Mailing list for discussion of Firewall-1 <[EMAIL PROTECTED]>; Ryan Realivasquez
Subject: Re: [FW-1] PPTP through Checkpoint

I did some testing with PPTP and never got it to work in combination with NAT. When I removed NAT, it worked fine.
Bill

On 9/30/02 6:46 PM, "Ryan Realivasquez" <[EMAIL PROTECTED]> wrote:

I am using Checkpoint 4.1 and I am trying to set up a PPTP VPN server using Win 2000. I have opened up the proper ports as well as the GRE IP protocol 47 in the firewall. For some reason though, I will connect to the server and the client will attempt to log in, but I get an error 721 on the Win 2000 VPN client. I have read where this error can indicate that GRE traffic is not getting through, but I used the PPTP test tool that is on the Win2000 server CD and it says that GRE traffic is getting through. Any ideas? I am using a Static NATted Win 2000 server, and a Win 2000 Pro client.

Thanks,

Ryan
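
Added example, not part of the thread: a Python check for the question raised in the replies above, reporting whether the PPTP control channel (TCP 1723) and GRE (IP protocol 47) were each seen in both directions in a capture taken outside the firewall. The packets, addresses and function names are constructed for illustration; the enhanced GRE header layout follows RFC 2637.

```python
import struct
from ipaddress import ip_address

PPTP_PORT, TCP, GRE = 1723, 6, 47   # control port, IP protocol numbers
GRE_PPP = 0x880B                    # enhanced GRE protocol type (RFC 2637)

def classify(pkt: bytes):
    """Return (src, dst, kind, call_id) for a raw IPv4 packet, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    body = pkt[(pkt[0] & 0x0F) * 4:]
    src, dst = str(ip_address(pkt[12:16])), str(ip_address(pkt[16:20]))
    if pkt[9] == TCP and len(body) >= 4:
        if PPTP_PORT in struct.unpack("!HH", body[:4]):
            return src, dst, "control", None
    elif pkt[9] == GRE and len(body) >= 8:
        flags, ptype, _len, call_id = struct.unpack("!HHHH", body[:8])
        if flags & 0x7 == 1 and ptype == GRE_PPP:   # GRE version 1
            return src, dst, "gre", call_id         # Call ID, not a port
    return None

def diagnose(packets, client, server):
    """Report which PPTP channels were seen in which direction."""
    seen = set()
    for info in filter(None, map(classify, packets)):
        src, dst, kind, _ = info
        if (src, dst) == (client, server):
            seen.add((kind, "c2s"))
        elif (src, dst) == (server, client):
            seen.add((kind, "s2c"))
    if not {("control", "c2s"), ("control", "s2c")} <= seen:
        return "control channel (TCP 1723) incomplete"
    missing = [d for d in ("c2s", "s2c") if ("gre", d) not in seen]
    if missing:
        return "control up, GRE missing: " + ",".join(missing)
    return "control and GRE seen in both directions"

# --- constructed sample packets (documentation addresses, checksums zeroed) ---
def ip(src, dst, proto, body):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64,
                       proto, 0, ip_address(src).packed,
                       ip_address(dst).packed) + body

def tcp(sport, dport): return struct.pack("!HH", sport, dport) + bytes(16)
def gre(call_id): return struct.pack("!HHHH", 0x2001, GRE_PPP, 0, call_id)
CLIENT, SERVER = "198.51.100.10", "203.0.113.5"   # SERVER = static-NAT address
SAMPLE = [ip(CLIENT, SERVER, TCP, tcp(1045, PPTP_PORT)),
          ip(SERVER, CLIENT, TCP, tcp(PPTP_PORT, 1045)),
          ip(CLIENT, SERVER, GRE, gre(7))]        # no GRE coming back
RESULT = diagnose(SAMPLE, CLIENT, SERVER)
```

On the constructed sample, `RESULT` reports the control channel as up with GRE missing from server to client.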

