RE: RRAS with PPTP connections security

From: Chris Odell (chris@odellnet.com)
Date: 09/18/02

Previous message: mjans001: "RE: RRAS with PPTP connections security"
In reply to: Evan Mann: "RRAS with PPTP connections security"
Next in thread: mjans001: "RE: RRAS with PPTP connections security"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Chris Odell" <chris@odellnet.com>
To: "'Evan Mann'" <emann@questinc.org>, <focus-ms@securityfocus.com>
Date: Tue, 17 Sep 2002 18:20:01 -0700

In my small experience, I have always added a second adapter in a DMZ
zone with pptp filtering checked in the adapter properties.

Just my 2 cents....

-----Original Message-----
From: Evan Mann [mailto:emann@questinc.org]
Sent: Tuesday, September 17, 2002 12:14 PM
To: focus-ms@securityfocus.com
Subject: RRAS with PPTP connections security

I am looking into allowing more users access to our network from home.
Currently I do this using MS PPTP connections from Win2000 Pro machines
to
my Watchguard Firebox II.

I am investigating switching from use the FBII as a point of
authentication
to using a private side Win2000 RRAS server. I have setup a 1-to-1 NAT
(as
watchguard calls it) to allow PPTP connections (tcp 47 and 1723) to my
RRAS
server. The setup works fine and I can hit the RRAS server and
authenticate
just like a charm.

What I don't know is what kind of security hazards I am opening myself
up to
now that I've opened up tcp 47/tcp 1723 at the firebox level and let it
bypass the firewall and hit a private side server whichs runs RRAS and
allows PPTP connections.

Be aware that tcp 47/tcp 1723 are the ONLY ports that cna hit this
server
frm the outside with the way I have the firewall configured.

Can you please enlighten me as to why I may NOT want to go with this
configuration, and how I can secure it further if I do decide to go with
it.

Previous message: mjans001: "RE: RRAS with PPTP connections security"
In reply to: Evan Mann: "RRAS with PPTP connections security"
Next in thread: mjans001: "RE: RRAS with PPTP connections security"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

RE: RRAS with PPTP connections security
... The authentication check should be done at the perimeter ... > Currently I do this using MS PPTP connections from Win2000 ... > to using a private side Win2000 RRAS server. ...
(Focus-Microsoft)
RE: RRAS with PPTP connections security
... Authenticate from there ... Onderwerp: RE: RRAS with PPTP connections security ... authentication to using a private side Win2000 RRAS server. ...
(Focus-Microsoft)
Re: VPN error 691
... RRAS is setup for PPTP connections. ... authentication protocol is not permitted. ... No authentication settings were changed as far as I know on the RRAS ... The RRAS server is part of a domain. ...
(microsoft.public.windows.server.networking)
Re: VPN Error 733, Event Log Error 20050 with SBS 2003 - revisited
... First, we need to ensure the RRAS is running in a clean environment, make ... SBS Server from the LAN client directly by following this KB: ... How to configure a VPN connection to your corporate network in Windows XP ... the CEICW Wizard and the remote access wizard. ...
(microsoft.public.windows.server.sbs)
Re: 2 nic setup cant access internet
... If you are using the SBS with RRAS, ... Unattached all modems from the SBS server. ...
(microsoft.public.windows.server.sbs)