How can I open IP protocol 47 (GRE) in PIX firewall?

Hi Expert,
I'm facing trouble related to establish VPN between our network and remote company, as trouble shooting the remote side inform me that Generic Route Encapsulation (GRE) protocol not open in our firewall, and needed to check and open it.
How can I check the opened IP protocol, and how can I open this GRE protocol , protocol # 47 ?

Thanks ,,,
MesferAsked:
Who is Participating?
 
Alan Huseyin KayahanCommented:
       Hi Mesfer
                fixup protocol pptp 1723
                 Above should fix it, if it does not, then
access-list outside_access_in permit tcp any host <public IP of VPN server> eq pptp
access-list outside_access_in permit gre any host <public IP of VPN server>
access-group outside_access_in in interface outside

Regards
0
 
lrmooreCommented:
The fixup protocol pptp 1723 should fix it for PIX 6.3
For ASA and PIX 7.0 use inspect
hostname(config)# class-map pptp-port
hostname(config-cmap)# match port tcp eq 1723
hostname(config-cmap)# exit
hostname(config)# policy-map pptp_policy
hostname(config-pmap)# class pptp-port
hostname(config-pmap-c)# inspect pptp
hostname(config-pmap-c)# exit
hostname(config)# service-policy pptp_policy interface outside
0
 
Computer101Commented:
Forced accept.

Computer101
EE Admin
0
 
Johnet_DatasystemerCommented:
Solution from lrmoore worked for me! Thanx!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.