[pptp-server] Cisco firewall rules
Alaa AlAmood
aaa at netman.dk
Tue Mar 20 03:19:26 CST 2001
Hi
I defined two rules in my firewall
access-list 110 permit gre any host SERVER_IP_ADDRESS
access-list 110 permit tcp any host SERVER_IP_ADDRESS eq 1723
they should solve the problem
have fun
regards
Alaa
Dale Bewley wrote:
> Yes that is right.
>
> remark - pptp control
> permit tcp any 1.1.1.1 0.0.0.0 eq 1723
> remark - pptp data
> permit gre any 1.1.1.1 0.0.0.1
>
> On 15 Mar 2001, Fabien Penso wrote:
> > Hi,
> > I do setup a pptp server inside a network. The Cisco has an access list
> > which prevent everything to get in. I added:
> >
> > access-list 110 permit tcp any 213.XX.XX.XX 0.0.0.0 eq 1723
> >
> > so people outside can get into the pptp. It looks to works but then the
> > GRE doesn't go through. I thought GRE was open by default, I guess the
> > last line:
> >
> > access-list 110 deny ip any any
> >
> > stop that. It the following line correct if I want to let GRE as input ?
> >
> > access-list 110 permit 47 any 213.XX.XX.XX 0.0.0.0
> >
> > As far as I have read the FAQ, I need to open GRE which is protocol 47,
> > but I'm not really good for cisco firewall rules, so I would prefer a
> > confirm from someone here.
> >
> > Thanks.
> >
> >
> > _______________________________________________
> > pptp-server maillist - pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > List services provided by www.schulteconsulting.com!
> >
>
> --
> Dale Bewley - Bewley Internet Solutions Inc. http://bewley.net/
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
More information about the pptp-server
mailing list