CPUG

The Check Point User Group

A Resource For The Check Point Community.  Fast.  Useful.  Independent.

1. CCSA/CCSE One-Week Dual-Certification Training Course with CPUG in San Francisco!
    Courses Starting 12/8, (2009) 1/19, 2/9, 3/9, 4/6, 5/4, 6/8, 7/6, 8/3.
2. Join Us On LinkedIn - We now have a CPUG group.


Go Back   CPUG: The Check Point User Group > Check Point Firewall-1/VPN-1 And Related Products > VPN's (Virtual Private Networks)
Microsoft VPN Microsoft VPN
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 2006-03-27
Junior Member
  
Join Date: 2006-03-27
Posts: 1
Rep Power: 0
JakeHere has an average reputation (10+)
Default Microsoft VPN
Hi Guys,

I know this one has probabaly been answered time and time again. I am struggling with good old microsoft vpn connections being initiated from behind my NG w/AI (R55) to external customers sites. I have done the usual enabling pptp and gre ports and protocols and tried creating a host that was statically nat'ed as apposed to a hide. Still no luck. I can see incoming prot 47 being blocked on my deny all rule even though it is allowed by previous rules.

Any suggestions would be great...

Thanks

Jake.
Reply With Quote
  #2 (permalink)  
Old 2006-03-27
Senior Member
  
Join Date: 2005-08-29
Location: Upstate NY
Posts: 1,670
Rep Power: 5
chillyjim has an average reputation (10+)
Send a message via AIM to chillyjim Send a message via Skype™ to chillyjim
Default Re: Microsoft VPN
Check to make sure your not blocking it in SmartDefense.
Reply With Quote
  #3 (permalink)  
Old 2006-03-28
Senior Member
  
Join Date: 2005-11-21
Location: Europe, Lithuania
Posts: 291
Rep Power: 4
Sergej has an average reputation (10+)
Default Re: Microsoft VPN
There was some nat traversal improvements in the HFA. But if I remember correctly this was in the earlier versions (pre R55). R55 must support it initially.

During IPSEC session initialization we can see some dropped GRE packets. But actually all the GRE traffic must be encrypted inside IPSEC. Am I wrong?
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


All times are GMT -7. The time now is 00:09.

Contact Us - CPUG Home Page - Archive - Top

Powered by vBulletin® Version 3.7.4
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.2.0