Pptp example – Netopia R910 User Manual
Page 99
Virtual Private Networks (VPN) 10-99
P
P
P
PP
P
P
PTT
T
TP
P
P
P ee
e
exxxxaa
a
am
m
m
mp
p
p
pllllee
e
e
To enable a firewall to allow PPTP traffic, you must provision the firewall to allow inbound and outbound TCP
packets specifically destined for por t 1723. The source por t may be dynamic, so often it is not useful to apply
a compare function upon this por tion of the control/negotiation packets. You must also set the firewall to allow
inbound and outbound GRE packets, enabling transpor t of the tunnel payload.
From the Main Menu navigate to Display/Change IP Filter Set, and from the pop-up menu select Basic Firewall.
Select Display/Change Input Filter.
Display/Change Input Filter screen
For Input Filter 1 set the Destination Por t information as shown below.
Main
Menu
System
Filter
Sets
IP Filter
Sets
Display/Change
IP Filter Set
Configuration
Basic
Firewall
+-#----Source IP Addr----Dest IP Addr------Proto-Src.Port-D.Port--On?-Fwd-+
+-------------------------------------------------------------------------+
| 1 0.0.0.0 0.0.0.0 TCP NC =1723 Yes Yes |
| 2 0.0.0.0 0.0.0.0 GRE -- -- Yes Yes |
| |
Change Input Filter 1
Enabled: Yes
Forward: Yes
Source IP Address: 0.0.0.0
Source IP Address Mask: 0.0.0.0
Dest. IP Address: 0.0.0.0
Dest. IP Address Mask: 0.0.0.0
Protocol Type: TCP
Source Port Compare... No Compare
Source Port ID: 0
Dest. Port Compare... Equal
Dest. Port ID: 1723
Established TCP Conns. Only: No