Thanks to all who responded to this query. FYI: The PPTP Client uses
TCP Port 1723 to communicate with the server. Still having problems
with authentication for remote client.
>----------
>From: rbc @ lava . net[SMTP:rbc @ lava . net]
>Sent: Thursday, October 31, 1996 3:49 PM
>To: Russ . Cooper . RC . on . ca @ GreatCircle . COM
>Cc: Jarmon, Don R; firewalls @ GreatCircle . COM
>Subject: RE: PPTP setup
>
> From: Russ <Russ . Cooper . RC . on . ca @ GreatCircle . COM>
> Date: Fri, 1 Nov 1996 01:12:13 -0500
> MIME-Version: 1.0
> X-Mailer: Internet Mail Connector (Beta) (4.5.1280.0)
> Content-Type: text/plain
> Content-Transfer-Encoding: quoted-printable
> Sender: firewalls-owner @ GreatCircle . COM
> Precedence: bulk
>
> Don Jarmon asked...
> >I was planning to add a Dual NIC NTS4.0 server to a DMZ. One
> >NIC configured to support PPTP and the other NIC connected
> >to the Intranet. I was wondering 'bout what type of access is
> >needed on the boundary router to support Remote PPTP enabled
> >Internet Clients.
>
>According to the internet draft the PNS, (PPTP Network Server)
>receives an incoming TCP call on port 5678. If that is true then the
>DMZ external router would need to allow an incoming TCP call on port
>5678 of the pptp server.
>
>In a cisco, that would look something like this:
>
>! pptp incoming to PNS
>access-list 100 permit tcp 0.0.0.0 255.255.255.255 XXX.XXX.XXX.XXX 0.0.0.0 eq 5678
>
>(where XXX.XXX.XXX.XXX is the PNS server IP address)
>
>This access list could be referred to in the external interface setup
>with an "ip access-group 100 in". You might need to have additional
>filter entries if you filter outbound packets from your DMZ router's
>internal interface.
>
>I haven't tried this but it seems reasonable,
>
> --Bruce
>
>--
>Robert B. Carleton + rbc @ lava . net + http://www.lava.net/~rbc
>
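Added example, not part of the original messages: a small Python evaluator for Cisco extended ACL entries that reports which flows a PPTP server needs would be dropped by a given rule set. TCP port 1723 comes from the reply at the top of this thread; GRE (IP protocol 47, RFC 2637) is not mentioned in the thread and is included as an added fact, and the addresses 192.0.2.10 and 198.51.100.7 are constructed placeholders.

```python
import ipaddress

# PPTP needs two inbound flows: the TCP 1723 control channel (port from the
# reply above) and GRE, IP protocol 47 (RFC 2637; an added fact).
PPTP_FLOWS = [("tcp", 1723), ("gre", None)]

# Constructed ACLs; 192.0.2.10 stands in for the XXX.XXX.XXX.XXX server address.
ACL_FROM_THREAD = [
    "access-list 100 permit tcp 0.0.0.0 255.255.255.255 192.0.2.10 0.0.0.0 eq 5678"]
ACL_REVISED = ["access-list 100 permit tcp any host 192.0.2.10 eq 1723",
               "access-list 100 permit gre any host 192.0.2.10"]

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _addr(tokens):
    """Consume one address spec: 'any', 'host A' or 'A WILDCARD'."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    if tokens[0] == "host":
        return (_ip(tokens[1]), 0), tokens[2:]
    return (_ip(tokens[0]), _ip(tokens[1])), tokens[2:]

def parse(line):
    """Parse 'access-list N permit|deny PROTO SRC DST [eq PORT]'."""
    t = line.split()
    src, rest = _addr(t[4:])
    dst, rest = _addr(rest)
    port = int(rest[1]) if rest[:1] == ["eq"] else None
    return t[2], t[3], src, dst, port

def _match(spec, ip):
    base, wildcard = spec          # wildcard bits set to 1 are "don't care"
    care = ~wildcard & 0xFFFFFFFF
    return (base & care) == (ip & care)

def decide(acl, proto, src, dst, dport=None):
    """First matching entry wins; an IOS ACL ends with an implicit deny."""
    for action, p, sspec, dspec, port in map(parse, acl):
        if (p in ("ip", proto) and _match(sspec, _ip(src))
                and _match(dspec, _ip(dst)) and port in (None, dport)):
            return action
    return "deny"

def pptp_gaps(acl, client, server):
    """Return the PPTP flows from client to server that the ACL drops."""
    return [(p, port) for p, port in PPTP_FLOWS
            if decide(acl, p, client, server, port) != "permit"]
```

Calling `pptp_gaps(ACL_FROM_THREAD, "198.51.100.7", "192.0.2.10")` lists both flows as dropped, while the same call with `ACL_REVISED` returns an empty list.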