VPN - PPTP Ports

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I am running a Windows 2000 PPTP VPN, which is currently firewalled with a
Linksys BEFSX41 Firewall / Router. I have mapped port 1723 on the Router to
port 1723 on the server, everything works fine.

When I put a Netscreen 5GT firewall and creat policy allowing port 1723 to
pass through to the server and deny all other ports, the VPN does not work.

Are there any ports other than TCP Port 1723 and GRE (IP Protocol 47)
required to make the VPN Work. Can I deny all other ports except TCP Port
1723 and still make the VPN work?

Thanks,

dave b
 
dave b said:
I am running a Windows 2000 PPTP VPN, which is currently firewalled with a
Linksys BEFSX41 Firewall / Router. I have mapped port 1723 on the Router to
port 1723 on the server, everything works fine.

When I put a Netscreen 5GT firewall and creat policy allowing port 1723 to
pass through to the server and deny all other ports, the VPN does not work.

Are there any ports other than TCP Port 1723 and GRE (IP Protocol 47)
required to make the VPN Work. Can I deny all other ports except TCP Port
1723 and still make the VPN work?
Click to expand...

Sounds like you have everything right. But the Netscreen box may not handle
the GRE properly. GRE is not a "port" and is not handled the same as Port
1723. The feature used for GRE is most commonly called "VPN Pass-Through"
and not all SOHO Devices can do it.
 
TCP Port 1723 and GRE (IP Protocol 47) are all you need. can you telnet port 1723?

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
I am running a Windows 2000 PPTP VPN, which is currently firewalled with a
Linksys BEFSX41 Firewall / Router. I have mapped port 1723 on the Router to
port 1723 on the server, everything works fine.

When I put a Netscreen 5GT firewall and creat policy allowing port 1723 to
pass through to the server and deny all other ports, the VPN does not work.

Are there any ports other than TCP Port 1723 and GRE (IP Protocol 47)
required to make the VPN Work. Can I deny all other ports except TCP Port
1723 and still make the VPN work?

Thanks,

dave b
 
Back
Top