PPTP uses TCP port 1723 and GRE (Protocol 47). PPTP can be easily blocked by restricting the GRE protocol. IKEv2 uses UDP 500 for the initial key exchange, protocol 50 for the IPSEC encrypted data (ESP) and UDP 4500 for NAT traversal.


The main problem I see with PPTP is the package payload (GRE packets). I could see the TCP control channel getting redirected, but once the data flows (GRE encapsulated packets) I don't think it is possible (i.e. there is no port number in the data).

Apr 24, 2019

Windows VPN client connect on different port - Server Fault

Nothing unusual, unless the console platform uses one of the above port numbers as a source port in its messaging. For example, the console application running on the Host sends an RMCP ping and uses 623 as both the destination and source port. The remote platform will receive the ping and send the response, but the console platform will route

To enable VPN tunnels between individual host computers or entire networks that have a firewall between them, you must open the following ports:

PPTP: To allow PPTP tunnel maintenance traffic, open TCP 1723. To allow PPTP tunneled data to pass through the router, open Protocol ID 47.

L2TP over IPSec: To allow Internet Key Exchange (IKE), open UDP 500. To allow IPSec Network Address Translation (NAT-T), open UDP 4500. To allow L2TP traffic, open UDP 1701.

A PPTP tunnel is instantiated by communication to the peer on TCP port 1723. This TCP connection is then used to initiate and manage a GRE tunnel to the same peer. The PPTP GRE packet format is non-standard, including a new acknowledgement number field replacing the typical routing field in the GRE header. However, as in a normal GRE connection, those modified GRE packets are directly encapsulated into IP packets, and seen as IP protocol number 47.

PPTP uses Generic Routing Encapsulation (GRE) tunneling to encapsulate data packets. It uses TCP port 1723 for the control connection and IP protocol 47 (GRE) for the tunneled data. PPTP supports up to 128-bit encryption keys and Microsoft Point-to-Point Encryption standards.

PPTP Port Address Translation. The PPTP Port Address Translation feature supports the Point-to-Point Tunneling Protocol (PPTP) application layer gateway (ALG) for Port Address Translation (PAT) configuration. PAT configuration requires the PPTP ALG to parse PPTP packets.
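The modified GRE header described above carries no port number, so a stateful firewall or PAT ALG has to track PPTP data by the header's Call ID instead. The parser below is an added example, not code from any of the sources quoted on this page; the field layout follows RFC 2637, and the sample packets and the names `parse_pptp_gre` and `build_samples` are constructed for illustration.

```python
import struct

PPTP_GRE_PROTO = 0x880B  # protocol type used by PPTP's enhanced GRE (RFC 2637)

def parse_pptp_gre(ip_payload: bytes) -> dict:
    """Parse the GRE header of an IP protocol 47 packet belonging to a PPTP tunnel."""
    if len(ip_payload) < 8:
        raise ValueError("truncated GRE header")
    flags, proto, payload_len, call_id = struct.unpack("!HHHH", ip_payload[:8])
    if (flags & 0x0007) != 1 or proto != PPTP_GRE_PROTO:
        raise ValueError("not PPTP enhanced GRE (version 1, type 0x880B)")
    if (flags & 0xC000) or not (flags & 0x2000):
        raise ValueError("enhanced GRE requires C=0, R=0, K=1")
    has_seq, has_ack = bool(flags & 0x1000), bool(flags & 0x0080)
    # Reject packets whose optional fields or payload length overrun the buffer.
    need = 8 + 4 * (has_seq + has_ack) + payload_len
    if len(ip_payload) < need:
        raise ValueError("packet shorter than its header fields claim")
    offset, seq, ack = 8, None, None
    if has_seq:  # S bit: sequence number present, packet carries payload
        (seq,) = struct.unpack_from("!I", ip_payload, offset)
        offset += 4
    if has_ack:  # A bit: the acknowledgement number field PPTP adds to GRE
        (ack,) = struct.unpack_from("!I", ip_payload, offset)
        offset += 4
    # call_id is the only per-session identifier in the data channel.
    return {"call_id": call_id, "seq": seq, "ack": ack,
            "payload": ip_payload[offset:offset + payload_len]}

def build_samples() -> dict:
    """Constructed packets (not captured traffic) covering three cases."""
    return {
        # K, S and A set, version 1; payload is the start of a PPP LCP frame
        "data_with_ack": struct.pack("!HHHHII", 0x3081, PPTP_GRE_PROTO, 4, 0x1234, 7, 6)
                         + b"\xff\x03\xc0\x21",
        # K and A set, no sequence number and no payload
        "ack_only": struct.pack("!HHHHI", 0x2081, PPTP_GRE_PROTO, 0, 0x1234, 6),
        # Ordinary version 0 GRE carrying IPv4, which is not PPTP
        "standard_gre": struct.pack("!HH", 0x0000, 0x0800) + b"\x45" * 20,
    }

if __name__ == "__main__":
    for name, pkt in build_samples().items():
        try:
            print(name, parse_pptp_gre(pkt))
        except ValueError as err:
            print(name, "rejected:", err)
```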
Here’s the Cisco access list: (gre=Protocol ID 47, pptp=1723, isakmp=500)