How to pass GRE Protocol Type 47 through Symantec SGS 320 Firewall Appliance

Have you ever managed to route protocol type 47 GRE through a Symantec SGS 320 Appliance?

I have PPTP 1723 already open / UDP 500 is also open.

I can connect and auth to the VPN server if I just let everything out under outbound rules.

I'd still like to switch back to my old settings, where I only let a few things out of the firewall.

The problem is that I don't know how to configure GRE type 47 on the Symantec box.

Just for info:

PPTP consists of a control channel (standard TCP port 1723) and a data channel (*non-standard* UDP port 500) to carry the private network traffic. The glitch is that the data channel uses IP protocol number 47 (GRE), a generic encapsulation protocol (RFC 1701). Most firewalls don't forward non-standard protocols, and to make matters worse, Microsoft "extended" the GRE protocol to something they call GRE2. To get our firewall to allow NAT'd internal machines to see an external PPTP server behind someone else's firewall required an extra gadget to forward the initial 500/udp ISAKMP key-exchange and extended kernel support for IP protocol 47.

Thanks for your help

Regards
Olaf

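An added example, not part of the original post: a small classifier that labels an IPv4 packet by the field an outbound rule has to match, which is the IP protocol number for GRE and a port only for the TCP 1723 and UDP 500 traffic the post lists. The enhanced GRE layout (version 1, protocol type 0x880B, call ID) is taken from RFC 2637; the function names and the sample packets are constructed for illustration.

```python
import struct

PPTP_GRE_PTYPE = 0x880B  # protocol type carried by PPTP's enhanced GRE (RFC 2637)

def classify(pkt: bytes) -> str:
    """Label an IPv4 packet by the field a filter rule has to match on."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (pkt[0] & 0x0F) * 4            # header length in bytes
    if ihl < 20 or len(pkt) < ihl:
        return "not-ipv4"
    proto, body = pkt[9], pkt[ihl:]
    if proto == 47:                      # GRE is an IP protocol: it has no ports
        if len(body) < 4:
            return "gre-truncated"
        flags, ptype = struct.unpack("!HH", body[:4])
        version = flags & 0x0007         # low 3 bits of the flags word
        if version == 1 and ptype == PPTP_GRE_PTYPE:
            if len(body) < 8:
                return "gre-truncated"
            _payload_len, call_id = struct.unpack("!HH", body[4:8])
            return f"pptp-data call-id={call_id}"
        return f"gre-v{version}"
    if proto in (6, 17) and len(body) >= 4:
        sport, dport = struct.unpack("!HH", body[:4])
        if proto == 6 and 1723 in (sport, dport):
            return "pptp-control"
        if proto == 17 and 500 in (sport, dport):
            return "isakmp"
    return "other"

def ipv4(proto: int, payload: bytes) -> bytes:
    """Constructed IPv4 header (checksum left at zero), documentation addresses."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1])) + payload

# Constructed sample packets, not captured traffic.
SAMPLES = {
    "control": ipv4(6, struct.pack("!HH", 49152, 1723) + bytes(16)),
    "data": ipv4(47, struct.pack("!HHHH", 0x3081, PPTP_GRE_PTYPE, 4, 7) + bytes(8)),
    "plain-gre": ipv4(47, struct.pack("!HH", 0x0000, 0x0800) + bytes(20)),
    "udp500": ipv4(17, struct.pack("!HHHH", 500, 500, 8, 0)),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:10} -> {classify(pkt)}")
```

Run against packets captured on the inside and outside interfaces, the labels show which of the three flows the firewall is dropping once the outbound rules are tightened again.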