I have PPTP 1723 already open / UDP 500 is also open.
I can connect and auth to the VPN server if I just let everything out
under outbound rules.
I'd still like to switch back to my old settings, where I only let a
few things out of the firewall.
The problem is that I don't know how to configure GRE type 47 on the
Symantec box.
Just for info:
PPTP consists of a control channel (standard TCP port 1723) and a
data channel (*non-standard* UDP port 500) to carry the private
network traffic. The glitch is that the data channel uses IP
protocol number 47 (GRE), a generic encapsulation protocol
(RFC1701). Most firewalls don't forward non-standard protocols
and to make matters worse, Microsoft "extended" the GRE protocol
to something they call GRE2.
To get our firewall to allow NAT'd internal machines to see
an external PPTP server behind someone else's firewall required an
extra gadget to forward the initial 500/udp ISAKMP key-exchange
and extended kernel support for IP protocol 47.
Thanks for your help
Regards
Olaf
GRE is port 0 on protocol 47 if that helps
Eirik
How do you mean that, Eirik?
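
An added example, not written by anyone in this thread: GRE is selected by the protocol field of the IP header (value 47) and has no TCP/UDP port field, so an outbound rule for it has to match on protocol number rather than on a port. The sketch below classifies constructed packets the way such a rule would; the function names, label strings and sample addresses are assumptions made for illustration, and the GRE check uses the version 1 header with protocol type 0x880B that RFC 2637 defines for PPTP.

```python
import socket
import struct

TCP, UDP, GRE = 6, 17, 47          # IANA IP protocol numbers
PPP_OVER_GRE = 0x880B              # GRE protocol type used by PPTP (RFC 2637)

def build_ipv4(proto, payload):
    """Wrap payload in a constructed 20-byte IPv4 header (checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton("192.0.2.10"),
                       socket.inet_aton("198.51.100.5")) + payload

def classify(packet):
    """Return (label, dst_port); dst_port is None when there is no port field."""
    if len(packet) < 20:
        return ("truncated", None)
    ihl = (packet[0] & 0x0F) * 4       # IPv4 header length in bytes
    proto, body = packet[9], packet[ihl:]
    if len(body) < 4:
        return ("truncated", None)
    if proto in (TCP, UDP):
        dport = struct.unpack("!H", body[2:4])[0]
        if proto == TCP and dport == 1723:
            return ("pptp-control", dport)
        if proto == UDP and dport == 500:
            return ("isakmp", dport)
        return ("other", dport)
    if proto == GRE:
        # First 16 bits are flags plus a 3-bit version; next 16 are the type.
        flags_ver, ptype = struct.unpack("!HH", body[:4])
        if (flags_ver & 0x0007) == 1 and ptype == PPP_OVER_GRE:
            return ("pptp-data-gre-v1", None)
        return ("gre-other", None)
    return ("other", None)

# Constructed sample packets, not captured traffic.
SAMPLES = {
    "control": build_ipv4(TCP, struct.pack("!HHIIBBHHH", 40000, 1723, 0, 0,
                                           0x50, 0x02, 8192, 0, 0)),
    "isakmp": build_ipv4(UDP, struct.pack("!HHHH", 500, 500, 8, 0)),
    "data": build_ipv4(GRE, struct.pack("!HHHHI", 0x3001, PPP_OVER_GRE, 0, 1, 0)),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, classify(pkt))
```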