Firewall-1

Re: [FW-1] PPTP/HIDE NAT

Subject: Re: [FW-1] PPTP/HIDE NAT
From: cisco4ng <cisco4ng AT YAHOO DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Thu, 29 Jun 2006 03:17:16 -0700
Bertrand is absolutely correct. As far as the fwkern.conf is concerned, you have
to create this file and place this parameter anywhere in this file. If my
memory serves me correctly, you can place other parameters in this file as
well; for example, if your system has more than 1GB of RAM, there is a parameter
that you can place in this file.
Furthermore, if you want to be able to ping both the ClusterXL and physical
IP of the firewall, you have to place another parameter in this file as well.
   
  cisco4ng

Sascha Picchiantano <sascha AT PICCHIANTANO DOT DE> wrote:
Upgrading to NG X is not an option right now. Where can I get some more info
on adding that line to the fwkern.conf file that Bertrand mentioned? Can I
place that line anywhere in the file or does it have to go to a specific
place?

Thanks guys!

Sascha


> hi,
> 
> it's easier to upgrade to NG X and then configure
> pptp-enforcement in the smartdefense -> VPN settings ....
> 
> cheers
> reinhard
> 
> At 18:42 28.06.2006, you wrote:
>> Hi,
>> 
>> did you
>> 
>> - add the line fw_pptp_enforce_protocol=1 in the
>> $FWDIR/modules/fwkern.conf file
>> - declare the pptp_tcp service with type PPTP_TCP
>> 
>> Bertrand
>> 
>> Sascha Picchiantano @AMADEUS.US.CHECKPOINT.COM> on
>> 28/06/2006 17:49:04
>> 
>> Please respond to Mailing list for discussion of Firewall-1
>> 
>> Sent by: Mailing list for discussion of Firewall-1
>> 
>> To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
>> cc:
>> 
>> Subject: Re: [FW-1] PPTP/HIDE NAT
>> 
>> Hi,
>> 
>> I was just trying to set this up and, according to Checkpoint's notes on
>> their website, we need to have R55 HFA10 or above to make this work. We
>> have HFA17 but it doesn't work. When the client behind FW1 tries to
>> initiate the PPTP connection to an outside VPN system, that system tries
>> to make a connection back to our Hide-NAT address using IP protocol 47.
>> FW1 drops that.
>> 
>> Any idea what I might be doing wrong?
>> 
>> Thanks for your help!
>> 
>> Sascha
>> 
>> =================================================
>> To set vacation, Out-Of-Office, or away messages,
>> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
>> in the BODY of the email add:
>> set fw-1-mailinglist nomail
>> =================================================
>> To unsubscribe from this mailing list,
>> please see the instructions at
>> http://www.checkpoint.com/services/mailing.html
>> =================================================
>> If you have any questions on how to change your
>> subscription options, email
>> fw-1-owner AT ts.checkpoint DOT com
>> =================================================
> 
> -- 
> Reinhard Stich r.stich AT internet-security DOT at
> Internet Security AG, 1150 Wien, Johnstrasse 29
> Tel: +43 1 3709440 RS784-RIPE Fax: +43 1 3709440-333

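Added example (not part of the original thread, and not Check Point code): the fwkern.conf step described by Bertrand and cisco4ng, written as an idempotent shell helper that creates the file if it is missing and leaves exactly one line for the parameter. The function name set_fwkern_param and the .bak backup are assumptions; only fw_pptp_enforce_protocol=1 and $FWDIR/modules/fwkern.conf come from the thread.

```shell
#!/bin/sh
# set_fwkern_param NAME VALUE
# Hypothetical helper (added example): ensure $FWDIR/modules/fwkern.conf
# contains exactly one "NAME=VALUE" line. Assumes one parameter per line.
set_fwkern_param() {
    name=$1
    value=$2

    if [ -z "${FWDIR:-}" ]; then
        echo "FWDIR is not set" >&2
        return 2
    fi
    conf="$FWDIR/modules/fwkern.conf"

    # Accept only a plain identifier and an unsigned integer, so a typo
    # cannot write a malformed line into a file the firewall kernel reads.
    case $name in ''|*[!A-Za-z0-9_]*) echo "bad parameter name" >&2; return 2 ;; esac
    case $value in ''|*[!0-9]*) echo "bad value" >&2; return 2 ;; esac

    # Per the thread, the file has to be created by the administrator.
    [ -f "$conf" ] || : > "$conf" || return 1

    # Already set once, with the wanted value: change nothing.
    current=$(grep "^${name}=" "$conf" || true)
    if [ "$current" = "${name}=${value}" ]; then
        return 0
    fi

    # Keep a copy, drop any older or duplicate setting of this parameter,
    # then append the new one (position in the file does not matter).
    cp -p "$conf" "$conf.bak" || return 1
    tmp="$conf.tmp.$$"
    sed "/^${name}=/d" "$conf.bak" > "$tmp" || return 1
    printf '%s=%s\n' "$name" "$value" >> "$tmp" || return 1
    mv "$tmp" "$conf"
}
```

Run as set_fwkern_param fw_pptp_enforce_protocol 1 on the gateway; the previous contents are kept in fwkern.conf.bak.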