Virtual Private Networks (VPNs)
For PPTP negotiation to work, TCP packets inbound and outbound destined for port 1723 must be allowed. Likewise, for ATMP negotiation to work, UDP packets inbound and outbound destined for port 5150 must be allowed. Source ports are dynamic, so, if possible, make this flexible, too. Additionally, PPTP and ATMP both require a firewall to allow GRE
The following sections illustrate a sample filtering setup to allow either PPTP or ATMP traffic to cross a firewall:
•"PPTP example" on page 4-26
•"ATMP example" on page 4-28
Make your own appropriate substitutions. For more information on filters and firewalls, see Chapter 9, “Security.”.