[pptp-server] Forwarding GRE

Scott M. Stone sstone at foo3.com
Thu Oct 19 18:44:42 CDT 2000


On Thu, 19 Oct 2000, Barry Treahy, Jr. wrote:

> One minor problem with that and I'm waiting to hear from what's left of Livingston support;
> the recent upgrades chop the available memory in half and there are all sorts of warnings
> about truncation of configurations and filters, but none of the release notes even discuss
> GRE...  I can't afford an upgrade, losing filters, only to find out it still may not work.
> The problem is that there are 4 or 5 IRX models, I need to be sure it's worth the cost...

you're probably right.  You're much better off replacing the IRX with a
nice router/firewall combination from Cisco, IMHO.  That's what I'm doing
tomorrow, actually, replacing the 6-year-old IRX firewall with a Cisco
2611 router to talk to the T1, and behind that a pair of redundant
hot-failover-enabled Cisco PIX 520 firewall boxes.  Better security, more
features, excellent support.  The PIX also will support both PPTP and
IPSEC out of the box, if you're running the 5.2 version of the PIX
software and you have the strong crypto license.

> 
> Regards,
> 
> Barry
> 
> "Scott M. Stone" wrote:
> 
> > On Thu, 19 Oct 2000, Barry Treahy, Jr. wrote:
> >
> > > Not according to my IRX211:
> > >
> > > IX2> set filter external.in 52 permit 207.254.0.0/16 207.254.14.190/32 47
> > > Unknown Filter: 47
> > > Error: Usage: set filter name item_no permit|deny [ip_source/mask] [ip_dest/mask]
> > >             [tcp|udp|icmp] [src lt|eq|gt port_no] [dst lt|eq|gt port_no]
> > >             [established]
> >
> > hm, sounds like your version of it only wants tcp, udp, or icmp.  See if
> > you can get a ComOS update for it.
> >
> > >
> > > Barry
> > >
> > > "Scott M. Stone" wrote:
> > >
> > > > On Thu, 19 Oct 2000, Barry Treahy, Jr. wrote:
> > > >
> > > > >
> > > > > "Scott M. Stone" wrote:
> > > > >
> > > > > >
> > > > > > what kind of firewall?  You need to forward the UDP port and the GRE IP
> > > > > > protocol.
> > > > >
> > > > > Mine is an older Livingston IRX211 which doesn't appear to allow for GRE and I ran
> > > > > into the same problem with ipfwadm...
> > > >
> > > > hm, we have a Livingston IRX here.. works.. you may need to specify the IP
> > > > protocol by number instead of by name, though.  I'm not sure, I don't run
> > > > the Livingston.. I'm just replacing it :)
> > > >
> > > > --------------------------
> > > > Scott M. Stone, CCNA <sstone at taos.com>
> > > > UNIX Systems and Network Engineer
> > > > Taos - The SysAdmin Company
> > >
> > > --
> > >
> > > Barry Treahy, Jr  *  Midwest Microwave  *  Vice President & CIO
> > >
> > > E-mail: Treahy at mmaz.com * Phone: 480/314-1320 * FAX: 480/661-7028
> > >
> > >
> > >
> >
> > --------------------------
> > Scott M. Stone, CCNA <sstone at taos.com>
> > UNIX Systems and Network Engineer
> > Taos - The SysAdmin Company
> 
> --
> 
> Barry Treahy, Jr  *  Midwest Microwave  *  Vice President & CIO
> 
> E-mail: Treahy at mmaz.com * Phone: 480/314-1320 * FAX: 480/661-7028
> 
> 
> 

--------------------------
Scott M. Stone, CCNA <sstone at taos.com>
UNIX Systems and Network Engineer
Taos - The SysAdmin Company 
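
The filter behaviour discussed in this thread, as an added example that is not part of the original messages and is not ComOS code: a simplified model of a "permit|deny src/mask dst/mask [protocol]" filter, showing why a grammar limited to tcp, udp and icmp cannot pass GRE (IP protocol 47). The function names, the first-match-wins evaluation, the default deny and the sample source address are assumptions made for illustration.

```python
import ipaddress
import struct

NAMED_PROTOS = {"icmp": 1, "tcp": 6, "udp": 17}  # IANA IP protocol numbers
GRE = 47                                          # GRE has no ports to match on
RULE = "permit 207.254.0.0/16 207.254.14.190/32 47"  # rule text from the thread

def build_ipv4_header(src, dst, proto):
    """Constructed 20-byte IPv4 header (checksum left at 0) used as sample input."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def parse_rule(text, allow_numeric_proto):
    """Parse one rule; allow_numeric_proto models a parser that accepts protocol numbers."""
    action, src, dst, *rest = text.split()
    if action not in ("permit", "deny"):
        raise ValueError(f"Unknown action: {action}")
    proto = None  # None means "any protocol"
    if rest:
        token = rest[0]
        if token in NAMED_PROTOS:
            proto = NAMED_PROTOS[token]
        elif allow_numeric_proto and token.isdigit() and int(token) < 256:
            proto = int(token)
        else:
            raise ValueError(f"Unknown Filter: {token}")
    return action, ipaddress.ip_network(src), ipaddress.ip_network(dst), proto

def evaluate(rules, header):
    """Assumed semantics: first matching rule wins, no match means deny."""
    proto = header[9]  # protocol field is byte 9 of the IPv4 header
    src = ipaddress.IPv4Address(header[12:16])
    dst = ipaddress.IPv4Address(header[16:20])
    for action, src_net, dst_net, rule_proto in rules:
        if src in src_net and dst in dst_net and rule_proto in (None, proto):
            return action
    return "deny"

if __name__ == "__main__":
    gre_packet = build_ipv4_header("207.254.1.1", "207.254.14.190", GRE)
    tcp_only = [parse_rule("permit 207.254.0.0/16 207.254.14.190/32 tcp", False)]
    print("tcp-only filter, GRE packet:", evaluate(tcp_only, gre_packet))
    try:
        parse_rule(RULE, allow_numeric_proto=False)
    except ValueError as err:
        print("name-only parser:", err)
    numeric = [parse_rule(RULE, allow_numeric_proto=True)]
    print("numeric-protocol filter, GRE packet:", evaluate(numeric, gre_packet))
```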
