PPTP port numbers


Jane Tunnicliff

I am trying to configure an IPSec firewall on our Win 2 K
RAS server. Our RAS server is running as a remote access
server,not a router.

I need to figure out which ports to leave open for VPN
(PPTP) connections. Itlooks to me that the server PPTP
connections are on random ports like 1034, 1042, 1048,
1051, etc.

Does anyone know exactly what the range is for PPTP server
side connections?

Also is it possible to configure Microsoft's VPN to listen
for PPTP connections on a certain smaller range of port

thanks for any information on this.


Bill Grant

PPTP uses tcp port 1723 only. The only other thing it requires is GRE,
which is IP protocol 47 (not port 47). GRE is required because the encrypted
VPN data in enclosed in a packet with a GRE header.

IPSec requires udp port 500 for IKE.

In W2k, IPSec is usually set up to run with L2TP rather than PPTP. L2TP
uses udp port 1701 .

dave moses

But how do you open a firewall to allow the gre protocol

And what is the advantage tyo using the L2pt over the
pptp? Thanks!

Bill Grant

That depends on the individual firewall - they are all different. You
need it enabled for both incoming and outgoing traffic. Some mention it by
name (eg permit gre) some by number (ip protocol 47). Some small
firewall/routers refer to PPTP pass through mode to indicate allow GRE .

PPTP uses Microsoft encryption techniques. L2TP uses IPSec. Unless you
have experience with IPSec and Certificates you may find setting up
L2TP/IPSec pretty daunting.

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question