Re: VPN/Firewall Question

From: Karl Levinson [x y] mvp (jamescagney90210@excite.com)
Date: 12/22/02


From: "Karl Levinson [x y] mvp" <jamescagney90210@excite.com>
Date: Sun, 22 Dec 2002 08:38:57 -0500


I could be wrong, but I think there are other things to be opened up in
order to permit IPsec VPN, and they aren't TCP or UDP. For example, I'm
thinking of some or all of the protocols below:

      47 GRE Generic Routing Encapsulation
      50 ESP Encapsulation Security Protocol
      51 AH Authentication Header

I'm not sure if Norton will let you permit other protocols besides TCP, UDP
and ICMP or not. Check the web site for your VPN client to find out how to
get it working with firewalls. You should also check your firewall log to
see what if anything is being blocked.

"Robert M. Cohen" <robertmcohen@hotmail.com> wrote in message
news:OWI6NgXqCHA.2496@TK2MSFTNGP10...
> I know this is probably off the beaten path here, but I'm hoping someone
> might have an answer:
>
> I decided to try .NET Standard Server (RC2) and I also have Norton Internet
> Security. They seem to work well enough together in general except for VPN.
> When the Norton firewall is turned on it blocks incoming VPN sessions. It
> says that port 1723 isn't listening and the standard default is to block
> access to non-listening ports.
>
> I have tried to create a rule that allows access to port 1723 but that
> doesn't seem to make a difference. If I turn off port stealthing in the
> firewall then I can get through. I'd like to keep port stealthing on in the
> general case and just unblock 1723.
>
> Does anyone have any experience in this area???
>
> Thanks,
> Bob Cohen
>
>


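Added example, not part of the original thread: a small default-deny filter model showing why a rule for TCP port 1723 alone cannot match the port-less IP protocols listed in the reply (47, 50, 51). PPTP carries its control channel on TCP 1723 and its tunnel data in GRE. The `(protocol, port)` rule format and the sample packets are constructed for illustration and do not represent Norton's rule engine.

```python
import struct

HAS_PORTS = {6, 17}  # only TCP (6) and UDP (17) headers carry port numbers


def build_ipv4(proto, payload=b""):
    """Constructed sample: minimal 20-byte IPv4 header (checksum left at 0)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 5]))
    return header + payload


def parse(packet):
    """Return (IP protocol number, destination port or None) for a raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto = packet[9]                     # protocol field: 6, 17, 47, 50, 51, ...
    dport = None
    if proto in HAS_PORTS and len(packet) >= ihl + 4:
        dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    return proto, dport


def decide(packet, rules):
    """Default-deny: allow only when a (proto, port) rule matches.
    A rule port of None means the protocol has no ports (or any port)."""
    proto, dport = parse(packet)
    hit = any(p == proto and (port is None or port == dport) for p, port in rules)
    return "ALLOW" if hit else "DROP"


def report(rules):
    """Run four constructed packets through the rule set."""
    samples = {
        "TCP/1723": build_ipv4(6, struct.pack("!HH", 40000, 1723)),
        "GRE": build_ipv4(47, b"\x00" * 8),
        "ESP": build_ipv4(50, b"\x00" * 8),
        "AH": build_ipv4(51, b"\x00" * 8),
    }
    return {name: decide(pkt, rules) for name, pkt in samples.items()}


PORT_RULE_ONLY = [(6, 1723)]                                   # hypothetical rule set
WITH_PROTOCOL_RULES = [(6, 1723), (47, None), (50, None), (51, None)]

if __name__ == "__main__":
    print("port rule only:     ", report(PORT_RULE_ONLY))
    print("with protocol rules:", report(WITH_PROTOCOL_RULES))
```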
