Wednesday, November 25, 2015

Packet filters for Point-to-Point Tunneling Protocol (PPTP)

Configure the following input filters with the filter action set to "Drop all packets except those that meet the criteria below":
  • Destination IP address of the VPN server's Internet interface, subnet mask of 255.255.255.255, and TCP destination port of 1723.

    This filter allows PPTP tunnel maintenance traffic from the PPTP client to the PPTP server.
  • Destination IP address of the VPN server's Internet interface, subnet mask of 255.255.255.255, and IP Protocol ID of 47.

    This filter allows PPTP tunneled data from the PPTP client to the PPTP server.
  • Destination IP address of the VPN server's Internet interface, subnet mask of 255.255.255.255, and TCP [established] source port of 1723.

    This filter is required only when the VPN server is acting as a VPN client (a calling router) in a router-to-router VPN connection. TCP [established] traffic is accepted only when the VPN server initiated the TCP connection.

Configure the following output filters with the filter action set to "Drop all packets except those that meet the criteria below":
  • Source IP address of the VPN server's Internet interface, subnet mask of 255.255.255.255, and TCP source port of 1723.

    This filter allows PPTP tunnel maintenance traffic from the VPN server to the VPN client.
  • Source IP address of the VPN server's Internet interface, subnet mask of 255.255.255.255, and IP Protocol ID of 47.

    This filter allows PPTP tunneled data from the VPN server to the VPN client.
  • Source IP address of the VPN server's Internet interface, subnet mask of 255.255.255.255, and TCP destination port of 1723.

    This filter is required only when the VPN server is acting as a VPN client (a calling router) in a router-to-router VPN connection. TCP [established] traffic is sent only when the VPN server initiated the TCP connection.
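
The filter set above can be checked against sample traffic with a small stateless model. This is an added example, not part of the original post: the addresses and packets are constructed, and treating "[established]" as "TCP ACK flag set" is an assumption of the model.

```python
from dataclasses import dataclass

VPN_IP = "203.0.113.10"  # constructed: VPN server's Internet interface
CLIENT = "198.51.100.7"  # constructed: remote PPTP peer
TCP, GRE = 6, 47         # IP protocol IDs; 47 (GRE) carries PPTP tunneled data

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: int
    sport: int = 0
    dport: int = 0
    ack: bool = False     # TCP ACK flag

@dataclass(frozen=True)
class Rule:
    proto: int
    sport: int = 0        # 0 = any port
    dport: int = 0
    established: bool = False  # assumption: "[established]" = ACK flag set

    def matches(self, p):
        return (p.proto == self.proto and self.sport in (0, p.sport)
                and self.dport in (0, p.dport)
                and (p.ack or not self.established))

# The three input and three output filters, in the order the text lists them.
INPUT = [Rule(TCP, dport=1723), Rule(GRE), Rule(TCP, sport=1723, established=True)]
OUTPUT = [Rule(TCP, sport=1723), Rule(GRE), Rule(TCP, dport=1723)]

def verdict(p, direction):
    """Return 'forward' if any filter matches, otherwise 'drop' (the default action)."""
    rules, addr = (INPUT, p.dst) if direction == "input" else (OUTPUT, p.src)
    if addr != VPN_IP:    # mask 255.255.255.255: exact match on the server address
        return "drop"
    return "forward" if any(r.matches(p) for r in rules) else "drop"

if __name__ == "__main__":
    samples = [  # constructed packets
        ("input", Packet(CLIENT, VPN_IP, TCP, 49152, 1723)),            # control channel
        ("input", Packet(CLIENT, VPN_IP, GRE)),                         # tunneled data
        ("input", Packet(CLIENT, VPN_IP, TCP, 1723, 50000)),            # SYN, not established
        ("input", Packet(CLIENT, VPN_IP, TCP, 1723, 50000, ack=True)),  # reply to calling router
        ("input", Packet(CLIENT, VPN_IP, TCP, 49152, 443)),             # unrelated service
    ]
    for direction, pkt in samples:
        print(direction, pkt, "->", verdict(pkt, direction))
```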
