RE: vpn passthrough on Netgear FVM318

["Smith, Chris" <csmith () Calence com>]

GRE is not port 47, it is protocol 47 (TCP=protocol 6, icmp=protocol 1, etc.).  It is a distinct layer 4 protocol, like 
tcp and udp, that runs over IP (which is layer three of the OSI model).  If the netgear only provides tcp and udp 
transport, GRE will not function.

List of protocol numbers: http://www.iana.org/assignments/protocol-numbers

C. Smith

-----Original Message-----
From: David Y. Ng [mailto:dng () cmhsweb org]
Sent: Monday, August 25, 2003 1:24 PM
To: security-basics () securityfocus com
Subject: vpn passthrough on Netgear FVM318


Has anyone used a Netgear FVM318 Firewall/Router?
http://www.netgear.com/products/prod_details.asp?prodID=159&view=sb

I need it to allow VPN passthrough to a Windows 2000 VPN Server.
I can only add services (ports) as either TCP or UDP. I needed
to add Internet Protocol 47 (GRE) but can't since, like I said, it only
allows you to add either TCP or UDP.

I asked Netgear techsupport about this and was told that if I select
TCP/UDP (or both) for port 47, it's supposed to still work. I haven't
had much success with what they told me. Anyone with experience on this?
Thank you


---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training),
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier
technical IT security event.  Modeled after the famous Black Hat event in
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.
Symantec is the Diamond sponsor.  Early-bird registration ends September 6.Visit us: www.blackhat.com
----------------------------------------------------------------------------