Comcast SMC Modem blocking PPTP

Hi,

We have a Comcast Business SMC Networks modem hardware version 1B and are having problems getting PPTP to pass through.  I have called Comcast and they say it should work.  The only options for port forwarding on this modem are for TCP and UDP.  We need the GRE packet forwarded to enable PPTP to reach the server.  If we enable DMZ to the server, we can VPN to the server.  However, this opens up all ports.  We have called in and asked if they can enable PPTP passthrough on their end and they say they cannot.  Is there a way to forward the GRE packet on this modem without using DMZ?  
Asked: OAC Technology
 
Darr247 Commented:
According to http://www.iana.org/assignments/port-numbers PPTP should use TCP or UDP port 1723.
Did you try forwarding port 1723 on both TCP and UDP?
 
OAC Technology, Professional Nerds (Author) Commented:
Yes, it is already forwarded.
 
Darr247 Commented:
Does the Comcast unit have port triggering, too?
 
OAC Technology, Professional Nerds (Author) Commented:
Yes
 
Darr247 Commented:
With 1723 TCP/UDP entered in the port triggering, can you initiate the connection going in the other direction?

Here is the technical description of PPTP connections:
http://www.ietf.org/rfc/rfc2637.txt?number=2637
Rather dry reading, though.

You don't mention what OS either end is using, but if they're Microsoft, here are some troubleshooting tips:
http://support.microsoft.com/kb/241251
http://support.microsoft.com/kb/241252
http://support.microsoft.com/kb/164601

I also saw a couple of articles that described a problem that occurs when both ends are using subnets that can appear in the subnets of the other end too (e.g. 10.10.10.0/24 and 10.10.0.0/18) ... but your description doesn't mention the other end employing a private subnet from behind a router.

Do you have another router to try forwarding port 1723 on so you can ask Comcast to replace the SMC unit if that works?
Do you have to manually apply firmware updates to the SMC or are they pushed out automatically by Comcast during low-traffic periods?
 
SublimeComputerServices (President) Commented:
This is an old post, but Comcast has added the GRE protocol in the port forwarding tab of the firewall.

You have to create two rules:

You still have to have port 1723 forwarded to your server.  Then you add the GRE protocol to forward to your server as well.
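
The symptom in this thread (TCP 1723 forwarded, but the tunnel only comes up with DMZ enabled) can be confirmed from a packet capture taken on the server. The sketch below is an added example, not part of the thread or any vendor tool: it labels raw IPv4 packets as PPTP control (TCP 1723) or PPTP data (GRE, IP protocol 47, with the enhanced GRE header from RFC 2637). The function names and sample packets are constructed for illustration.

```python
import socket
import struct

GRE_PROTO = 47          # GRE is its own IP protocol; it has no TCP/UDP port
PPTP_CTRL_PORT = 1723   # PPTP control channel (TCP)
PPTP_GRE_TYPE = 0x880B  # protocol type of PPTP's enhanced GRE header (RFC 2637)

def classify(pkt: bytes) -> str:
    """Label one raw IPv4 packet as 'control', 'gre-pptp' or 'other'."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "other"
    body = pkt[(pkt[0] & 0x0F) * 4:]          # skip the IPv4 header (IHL words)
    proto = pkt[9]
    if proto == 6 and len(body) >= 4:          # TCP: compare both ports
        if PPTP_CTRL_PORT in struct.unpack("!HH", body[:4]):
            return "control"
    if proto == GRE_PROTO and len(body) >= 8:
        flags, ptype = struct.unpack("!HH", body[:4])
        # Enhanced GRE: K bit (0x2000) set, version (low 3 bits) equal to 1.
        if (flags & 0x2000) and (flags & 0x0007) == 1 and ptype == PPTP_GRE_TYPE:
            return "gre-pptp"
    return "other"

def diagnose(packets) -> str:
    """Summarise which half of a PPTP session reached the capture point."""
    seen = {classify(p) for p in packets}
    if {"control", "gre-pptp"} <= seen:
        return "control and GRE both arriving"
    if "control" in seen:
        return "TCP 1723 arriving but no GRE: add a GRE forwarding rule"
    return "no PPTP control traffic: check the TCP 1723 forward"

def ipv4(proto: int, payload: bytes) -> bytes:
    """Constructed sample packet: minimal IPv4 header, checksum left at 0."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton("203.0.113.10"),
                       socket.inet_aton("192.168.1.10")) + payload

# Constructed samples: a TCP SYN to port 1723 and one PPTP GRE data packet.
CTRL_SYN = ipv4(6, struct.pack("!HHIIBBHHH", 50000, 1723, 0, 0, 0x50, 2, 8192, 0, 0))
GRE_DATA = ipv4(GRE_PROTO, struct.pack("!HHHHI", 0x3001, PPTP_GRE_TYPE, 0, 1, 0))

if __name__ == "__main__":
    print(diagnose([CTRL_SYN]))            # port forward only
    print(diagnose([CTRL_SYN, GRE_DATA]))  # port forward plus GRE rule (or DMZ)
```
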
 
Darr247 Commented:
Another update...
The Internet Assigned Numbers Authority (IANA) has changed the link to their list of well-known/assigned ports...

Here are the new URLs:

XML version - http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml
Text version - http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.txt