Virtual Private Networks (VPNs) 12-23

PPTP example

To let PPTP traffic through a firewall, you must configure the firewall to allow inbound and outbound TCP packets destined for port 1723. The source port may be dynamic, so it is often not useful to apply a compare function to the source port of the control/negotiation packets. You must also set the firewall to allow inbound and outbound GRE packets, which carry the tunnel payload.

From the Main Menu navigate to Display/Change IP Filter Set, and from the pop-up menu select Basic Firewall.

Main Menu -> System Configuration -> Filter Sets -> IP Filter Sets -> Display/Change IP Filter Set -> Basic Firewall

Select Display/Change Input Filter.

Display/Change Input Filter screen

+-#----Source IP Addr----Dest IP Addr------Proto-Src.Port-D.Port--On?-Fwd-+
+-------------------------------------------------------------------------+
| 1    0.0.0.0           0.0.0.0           TCP   NC       =1723   Yes Yes |
| 2    0.0.0.0           0.0.0.0           GRE   --       --      Yes Yes |
+-------------------------------------------------------------------------+

For Input Filter 1 set the Destination Port information as shown below.

Change Input Filter 1

Enabled:                         Yes
Forward:                         Yes

Source IP Address:               0.0.0.0
Source IP Address Mask:          0.0.0.0

Dest. IP Address:                0.0.0.0
Dest. IP Address Mask:           0.0.0.0

Protocol Type:                   TCP

Source Port Compare...           No Compare
Source Port ID:                  0
Dest. Port Compare...            Equal
Dest. Port ID:                   1723
Established TCP Conns. Only:     No
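The two input filters above, modelled in Python as an added example (not taken from the Netopia manual), to check which packets they match. It assumes an address matches when it equals the filter address under the mask, that filters are checked in order with the first match deciding, and it uses constructed packets with documentation addresses; a result of None means neither filter on this page matched.

```python
import ipaddress
from dataclasses import dataclass

PROTO = {"TCP": 6, "GRE": 47}  # IANA IP protocol numbers

@dataclass
class InputFilter:
    proto: str                   # "Protocol Type"
    src: str = "0.0.0.0"         # "Source IP Address"
    src_mask: str = "0.0.0.0"    # "Source IP Address Mask"
    dst: str = "0.0.0.0"         # "Dest. IP Address"
    dst_mask: str = "0.0.0.0"    # "Dest. IP Address Mask"
    dport_cmp: str = "NC"        # "NC" = No Compare, "=" = Equal
    dport: int = 0               # "Dest. Port ID"
    enabled: bool = True
    forward: bool = True

def _masked(addr, mask):
    return int(ipaddress.IPv4Address(addr)) & int(ipaddress.IPv4Address(mask))

def matches(f, pkt):
    """True if pkt matches filter f. The source port is never compared (NC in both rows)."""
    return (f.enabled
            and pkt["proto"] == PROTO[f.proto]
            and _masked(pkt["src"], f.src_mask) == _masked(f.src, f.src_mask)
            and _masked(pkt["dst"], f.dst_mask) == _masked(f.dst, f.dst_mask)
            and (f.dport_cmp == "NC" or pkt.get("dport") == f.dport))

def evaluate(filters, pkt):
    """Assumed first-match semantics: (filter number, action), or None if nothing matches."""
    for n, f in enumerate(filters, start=1):
        if matches(f, pkt):
            return n, "forward" if f.forward else "discard"
    return None

# The two rows of the Display/Change Input Filter screen
BASIC_FIREWALL_INPUT = [
    InputFilter(proto="TCP", dport_cmp="=", dport=1723),
    InputFilter(proto="GRE"),
]

def pkt(proto, sport=None, dport=None):
    """Constructed sample packet (RFC 5737 documentation addresses)."""
    return {"proto": proto, "src": "198.51.100.7", "dst": "192.0.2.10",
            "sport": sport, "dport": dport}

if __name__ == "__main__":
    for name, p in [("PPTP control", pkt(6, 49152, 1723)), ("PPTP tunnel (GRE)", pkt(47)),
                    ("HTTP", pkt(6, 49152, 80)), ("UDP/1723", pkt(17, 49152, 1723))]:
        print(f"{name:18} -> {evaluate(BASIC_FIREWALL_INPUT, p)}")
```

With every address and mask left at 0.0.0.0 and "Established TCP Conns. Only" set to No, filter 1 matches a TCP packet to port 1723 from any source address and any source port.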

Netopia 4753 manual Pptp example