Re: Map drives between 2 XP SP2 machines...

From: Doug Knox MS-MVP (dknox_at_mvps.org)
Date: 09/08/05 

Date: Wed, 7 Sep 2005 21:39:46 -0400

CheckPoint's VPN software has a Stateful Packet Inspection firewall, I believe, that is on, even when the VPN connection is not established. Check the Help files for how to turn the SPI firewall off. 

-- 
Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart Display\Security
Win 95/98/Me/XP Tweaks and Fixes
http://www.dougknox.com
--------------------------------
Per user Group Policy Restrictions for XP Home and XP Pro
http://www.dougknox.com/xp/utils/xp_securityconsole.htm
--------------------------------
Please reply only to the newsgroup so all may benefit.
Unsolicited e-mail is not answered.
 
"hzgt9b@nopost.com" <hzgt9bnopostcom@discussions.microsoft.com> wrote in message news:6C91A9BC-308A-4D18-9E09-8B65928577D0@microsoft.com...
> Well, I verifed that I have an ICMP exception for PING/echo and have port 445 
> open on both machies (with the scope of the exception being my network, i.e. 
> subnet) - But I still am not able to get an comminucation b/w the machines. 
> 
> RE: Firewall on/off - now a correction to one of my eariler posts. When 
> logged into the local machine (i.e. not the domain) for both machines: On 
> Machine A, on the Firewall's General tab, The "Off..." radio button is 
> selected, but both the "On..." and "Off..." buttons are disabled (greyed 
> out). The message at the bottom states that "Windows Firewall is using your 
> domain settings". On machine B, on the Firewall's General tab, the "Off..." 
> radio button is selected and enabled. The message at the bottom of the screen 
> states that "Windows Firewall is using your NON-domain settings". I'm not 
> sure of this discrepancy is causing an issue.
> 
> What other reasons would there be that I can't get these two machines to 
> talk - given they could communicate before I installed XP SP2?
> 
> Ok, one other possible issue - I just realized that I also installed 
> Checkpoint Software technologies' VPN-1 SecureClient software on both 
> machines. It looks like it has settings for security profiles but I don't see 
> a way to set exceptions... could this be the culprit? If so, any ideas on how 
> to deal with it (other than disabling it...)
> 
> Thanks for your help thus far!
> 
> Charles
> 
> "Doug Knox MS-MVP" wrote:
> 
>> You should be able to do it by IP address, or by machine name.  If port 445 is opened, then you shouldn't have any problem.  Since you're behind a router, have you tried turning XP's firewall off?  If that works, then its definitely a firewall issue.
>> 
>> -- 
>> Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart Display\Security
>> Win 95/98/Me/XP Tweaks and Fixes
>> http://www.dougknox.com
>> --------------------------------
>> Per user Group Policy Restrictions for XP Home and XP Pro
>> http://www.dougknox.com/xp/utils/xp_securityconsole.htm
>> --------------------------------
>> Please reply only to the newsgroup so all may benefit.
>> Unsolicited e-mail is not answered.
>>  
>> "hzgt9b@nopost.com" <hzgt9bnopostcom@discussions.microsoft.com> wrote in message news:6CEC5EE8-CDA7-4DCF-B929-DD785622912C@microsoft.com...
>> > So, it appears that I have an exception for ping/echo and port 445 open - but 
>> > I'm still not able to map (or ping) from one PC to the other... 
>> > 
>> > Any other suggestions?
>> > 
>> > BTW, say for instance, that my IP addresses are 192.168.0.100 and ....101 on 
>> > the two machines respectively... I should be able to map drives from one 
>> > machine to the other using the router assigned IPs (that's how I used todo it 
>> > before I upgraded to XP SP2...)
>> > 
>> > I'm stumped!
>> > 
>> > "Doug Knox MS-MVP" wrote:
>> > 
>> >> ICMP Echo is the same as a Ping.  Port 445 should be the port that ping's come in on.
>> >> 
>> >> -- 
>> >> Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart Display\Security
>> >> Win 95/98/Me/XP Tweaks and Fixes
>> >> http://www.dougknox.com
>> >> --------------------------------
>> >> Per user Group Policy Restrictions for XP Home and XP Pro
>> >> http://www.dougknox.com/xp/utils/xp_securityconsole.htm
>> >> --------------------------------
>> >> Please reply only to the newsgroup so all may benefit.
>> >> Unsolicited e-mail is not answered.
>> >>  
>> >> "hzgt9b@nopost.com" <hzgt9bnopostcom@discussions.microsoft.com> wrote in message news:E31F3DEA-4B31-45AE-9918-2A2D0DBAB0E9@microsoft.com...
>> >> > Oops, I see that in your message  now...
>> >> > 
>> >> > Ok, on both PC's I've got the option "Allow incoming echo request" checked 
>> >> > but nothing else. I don't see anything about "Ping".
>> >> > Is there some port that I need to enable (and how)?
>> >> > 
>> >> > "Doug Knox MS-MVP" wrote:
>> >> > 
>> >> >> ICMP packet exceptions are on the Advanced tab, ICMP section, not the Exceptions tab.
>> >> >> 
>> >> >> -- 
>> >> >> Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart Display\Security
>> >> >> Win 95/98/Me/XP Tweaks and Fixes
>> >> >> http://www.dougknox.com
>> >> >> --------------------------------
>> >> >> Per user Group Policy Restrictions for XP Home and XP Pro
>> >> >> http://www.dougknox.com/xp/utils/xp_securityconsole.htm
>> >> >> --------------------------------
>> >> >> Please reply only to the newsgroup so all may benefit.
>> >> >> Unsolicited e-mail is not answered.
>> >> >>  
>> >> >> "hzgt9b@nopost.com" <hzgt9bnopostcom@discussions.microsoft.com> wrote in message news:AF5B5596-FF27-4E01-AA90-714D5F859279@microsoft.com...
>> >> >> > Thanls for the quick reply!
>> >> >> > 
>> >> >> > On the "Windows Firewall" dialog's general tab, both the on and off radio 
>> >> >> > buttons are greyed out - and there's a message at the bottom stating that the 
>> >> >> > "Windows Firewall is using your domain settings"... (I'm logged in on the 
>> >> >> > domain account - the firewall has this same setting when I login to the local 
>> >> >> > machine)
>> >> >> > 
>> >> >> > Regardless, under the exceptions tab, I have no program or service named 
>> >> >> > like "ICMP Ping/echo packets" - how do I add this exception to the list 
>> >> >> > (clicking add programs reveals no program like "*ICMP*")? Further, how will I 
>> >> >> > know whick port(s) to open up without creating a security risk for myself?
>> >> >> > 
>> >> >> > "Doug Knox MS-MVP" wrote:
>> >> >> > 
>> >> >> >> Is the Windows firewall enabled?  If so, check the firewall exceptions to ensure that ICMP Ping/echo packets are allowed. This setting and other ICMP settings are found on the Advanced tab, ICMP, Settings.
>> >> >> >> 
>> >> >> >> -- 
>> >> >> >> Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart Display\Security
>> >> >> >> Win 95/98/Me/XP Tweaks and Fixes
>> >> >> >> http://www.dougknox.com
>> >> >> >> --------------------------------
>> >> >> >> Per user Group Policy Restrictions for XP Home and XP Pro
>> >> >> >> http://www.dougknox.com/xp/utils/xp_securityconsole.htm
>> >> >> >> --------------------------------
>> >> >> >> Please reply only to the newsgroup so all may benefit.
>> >> >> >> Unsolicited e-mail is not answered.
>> >> >> >>  
>> >> >> >> "hzgt9b@nopost.com" <hzgt9bnopostcom@discussions.microsoft.com> wrote in message news:F572A6B0-5C5C-4277-B825-73004A4DEB50@microsoft.com...
>> >> >> >> >I am having trouble getting a connection (ping, with eventual desire to map a 
>> >> >> >> > drive) between two machines on XP SP2 - before upgrading to XP SP2 I did not 
>> >> >> >> > have this problem. 
>> >> >> >> > 
>> >> >> >> > Here's my set up...
>> >> >> >> > Two laptops with XP SP2, connected via a router. When logging into the 
>> >> >> >> > "local machine" on both laptops, neither machine can PING the other. Same 
>> >> >> >> > story when I login to both machines on the same domain... what gives. 
>> >> >> >> > 
>> >> >> >> > I know the IP addresses of both machines, subnet mask and such - but I can't 
>> >> >> >> > reach one machine from the other... I need help - can someone throw me a bone?
>> >> >> >>
>> >> >>
>> >>
>>