RE: VPN

From: Rick Darsey (rdarsey@aims1.com)
Date: 12/30/02

    From: "Rick Darsey" <rdarsey@aims1.com>
    To: "Luan Rocha" <luan_rocha@brturbo.com>, "Security basics" <security-basics@securityfocus.com>
    Date: Mon, 30 Dec 2002 12:43:53 -0600
    
    

    It sounds like either your router, or the Windows 2000 server is blocking
    VPN traffic from outside the LAN. You need to open several ports on the
    router to allow the VPN tunnel to terminate at the Windows 2000 server.

    Here is a partial list:

    access-list 101 permit gre any host xxx.xxx.xxx.xxx
    access-list 101 permit ahp any host xxx.xxx.xxx.xxx
    access-list 101 permit esp any host xxx.xxx.xxx.xxx
    access-list 101 permit udp any host xxx.xxx.xxx.xxx eq 1701
    access-list 101 permit udp any host xxx.xxx.xxx.xxx eq isakmp
    access-list 101 permit tcp any host xxx.xxx.xxx.xxx eq 1723

    This is from a Cisco router, but the port numbers and protocol types are the
    same. The xxx.xxx.xxx.xxx is the IP address of the Windows 2000 server.

    Also, look at the filtering on the Windows 2000 server. You can block
    traffic on a specific interface based on port numbers, etc. By default,
    nothing is blocked, but you may want to look into it. To find the filters,
    right-click on the adapter in question, select Properties, then select
    TCP/IP (Internet Protocol) properties, then Advanced, then Options, and look
    for TCP Filtering.

    Hope this helps

    Rick Darsey

    -----Original Message-----
    From: Luan Rocha [mailto:luan_rocha@brturbo.com]
    Sent: Saturday, December 28, 2002 12:24 PM
    To: Security basics
    Subject: VPN

    Hey,
       I'm configuring a server (Win2000 Advanced Server) to provide internet for
    the inside network and a VPN to do the maintaining. But I don't know why, I
    can only access the VPN through the inside network, but from the internet I
    get an error that my server is not responding.
       The access from the network to the internet is OK. Only the VPN
    isn't all right.
       In the server I have DHCP, ROUTER, DNS, RAS and VPN configured.
       The modem has a ROUTER and some FILTERS configured.
       Any suggestions?

    Thanks in advance,
    Luan Rocha
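
Added example, not part of either message: a Python check that parses ACL lines in the form shown in the reply and reports which of the listed entries are not permitted to a given server address. The grouping by tunnel type, the function names and the sample ACL (documentation address 192.0.2.10) are assumptions of this example; rule ordering and deny lines are not evaluated.

```python
import re

PORT_NAMES = {"isakmp": 500}  # IOS keyword used in the reply

# Entries from the reply's list, grouped by tunnel type. The grouping is an
# assumption of this example; the reply gives one flat, partial list.
REQUIRED = {
    "PPTP": {("gre", None), ("tcp", 1723)},
    "L2TP/IPsec": {("esp", None), ("ahp", None), ("udp", 500), ("udp", 1701)},
}

# Handles only the form used in the reply: permit <proto> any host <ip> [eq <port>]
LINE = re.compile(r"^access-list\s+\d+\s+permit\s+(?P<proto>\w+)\s+any\s+host\s+"
                  r"(?P<host>\S+)(?:\s+eq\s+(?P<port>\S+))?$")

def permitted(acl_text, host):
    """Return the (protocol, port) pairs permitted from any source to host."""
    found = set()
    for raw in acl_text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m["host"] != host:
            continue
        port = PORT_NAMES.get(m["port"], m["port"])  # None when no "eq" clause
        port = int(port) if str(port).isdigit() else port
        found.add((m["proto"].lower(), port))
    return found

def covers(found, proto, port):
    # "permit ip" or a protocol permit without "eq" also covers the entry.
    return bool({("ip", None), (proto, None), (proto, port)} & found)

def missing(acl_text, host):
    """Map each tunnel type to the listed entries the ACL does not permit."""
    found = permitted(acl_text, host)
    return {vpn: sorted(f"{p}/{n}" if n else p
                        for p, n in need if not covers(found, p, n))
            for vpn, need in REQUIRED.items()}

# Constructed sample: the reply's list with the GRE line left out.
SAMPLE_ACL = """\
access-list 101 permit esp any host 192.0.2.10
access-list 101 permit ahp any host 192.0.2.10
access-list 101 permit udp any host 192.0.2.10 eq 1701
access-list 101 permit udp any host 192.0.2.10 eq isakmp
access-list 101 permit tcp any host 192.0.2.10 eq 1723
"""

if __name__ == "__main__":
    print(missing(SAMPLE_ACL, "192.0.2.10"))
```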


