[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


Firewall log explanation help needed. GRE protocol and VPN traffic

Posted on 2006-05-13
Medium Priority
Last Modified: 2008-02-01
This is from my firewall:

1)    64608    5      GRE     LAN     WAN is RRAS server on the internal network

This should be return trafic from incoming VPN.
It uses GRE protocol. Could you please explain what is the function of GRE protocol (in PPTP connection)?

What the destination address suposed to do with this GRE packets?
Question by:howei
  • 2
LVL 78

Accepted Solution

Rob Williams earned 500 total points
ID: 16674220
You connection is made using port 1723 which is PPTP but the communications is done using the GRE encapsulation using protocol 47 (not port 47). This needs to be allowed to pass which on most routers is done by enabling "PPTP pass-through".  Without allowing GRE pass through, you may be able to establish a connection but not gain access to any resources through your VPN tunnel. IP is likely the computer (the VPN server) and is probably the connecting computer's public IP address, but it may vary depending on the log file you are looking at.
GRE explanation: http://support.microsoft.com/?kbid=241251


Assisted Solution

slyskawa earned 500 total points
ID: 16677429
GRE (Generic Routing Encapsulation) was developed by Cisco.  It allows the encapsulation of packets inside of an IP packet.  GRE is a network layer protocol, as is TCP and UDP.  One of the nice things about GRE is that it allows you to tunnel any protocol through a VPN so you could tunnel IPX/SPX or IP or whatever without issues.

The remote end uses the data that is inside (encapsulated) for the VPN connection.  You can compare this to a letter sent through the mail.  The writing on the outside of the envelope is the PPTP protocol, everyone can read it and it gets the letter(packet) to the remote end.  Once at the destination, you open the envelope(GRE) to read the contents.  If you were not using a VPN, the packet would be like a postcard where the address and the contents are available for for everyone to read.

PPTP is available in all versions of Windows.  It is not as secure as IPSec but it is widely used in a Windows environment because of it ease of setup.
LVL 78

Expert Comment

by:Rob Williams
ID: 16770481
Thanks howei,

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Originally, this post was published on Monitis Blog, you can check it here . It goes without saying that technology has transformed society and the very nature of how we live, work, and communicate in ways that would’ve been incomprehensible 5 ye…
If you’re involved with your company’s wide area network (WAN), you’ve probably heard about SD-WANs. They’re the “boy wonder” of networking, ostensibly allowing companies to replace expensive MPLS lines with low-cost Internet access. But, are they …
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question