Firewall log explanation help needed. GRE protocol and VPN traffic

Posted on 2006-05-13
Last Modified: 2008-02-01
This is from my firewall:

1)    64608    5      GRE     LAN     WAN is RRAS server on the internal network

This should be return trafic from incoming VPN.
It uses GRE protocol. Could you please explain what is the function of GRE protocol (in PPTP connection)?

What the destination address suposed to do with this GRE packets?
Question by:howei
    LVL 77

    Accepted Solution

    You connection is made using port 1723 which is PPTP but the communications is done using the GRE encapsulation using protocol 47 (not port 47). This needs to be allowed to pass which on most routers is done by enabling "PPTP pass-through".  Without allowing GRE pass through, you may be able to establish a connection but not gain access to any resources through your VPN tunnel. IP is likely the computer (the VPN server) and is probably the connecting computer's public IP address, but it may vary depending on the log file you are looking at.
    GRE explanation:

    LVL 2

    Assisted Solution

    GRE (Generic Routing Encapsulation) was developed by Cisco.  It allows the encapsulation of packets inside of an IP packet.  GRE is a network layer protocol, as is TCP and UDP.  One of the nice things about GRE is that it allows you to tunnel any protocol through a VPN so you could tunnel IPX/SPX or IP or whatever without issues.

    The remote end uses the data that is inside (encapsulated) for the VPN connection.  You can compare this to a letter sent through the mail.  The writing on the outside of the envelope is the PPTP protocol, everyone can read it and it gets the letter(packet) to the remote end.  Once at the destination, you open the envelope(GRE) to read the contents.  If you were not using a VPN, the packet would be like a postcard where the address and the contents are available for for everyone to read.

    PPTP is available in all versions of Windows.  It is not as secure as IPSec but it is widely used in a Windows environment because of it ease of setup.
    LVL 77

    Expert Comment

    by:Rob Williams
    Thanks howei,

    Featured Post

    Highfive + Dolby Voice = No More Audio Complaints!

    Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

    Join & Write a Comment

    Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
    ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
    Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

    755 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    22 Experts available now in Live!

    Get 1:1 Help Now