Re: SP2 Firewall stops VPN connection

From: "RRR_News" <rrr_news@xxxxxxx>
Date: Fri, 27 May 2005 12:47:39 -0400

AriNZ,
By the way if the PC is constantly connected to the D-Link router, you don't
need to have XP Firewall program running. There is a firewall built into the
router. But if you want to run Windows firewall, or this is laptop that you
take to work. You may also want to go to D-Link and update the firmware for
the router. It looks like the E version had an upgrade as late as 12/04,
which might help with the SP2 upgrade.

http://d-link.com/products/support.asp?pid=62&pv=17&sec=0

You may need to reset the Windows Firewall after the SP2 upgrade.

Control Panel> Security> Click on Windows Firewall icon, at the bottom of
page> Exceptions tab> Check box for VPN pass through> You may need to add
that program to the exceptions list.

--

Click on Link to Add MS to your News Reader: news://msnews.microsoft.com
Rich/rerat

(RRR News) <message rule>
<<Previous Text Snipped to Save Bandwidth When Appropriate>>

"AriNZ" <AriNZ@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:98F47B18-D2A9-49AF-B07C-6A7BCFEC23FE@xxxxxxxxxxxxxxxx
I have Googled this problem to death, and found no solution. I turn to this
thread for help.

My set-up: XP Pro computer on home LAN, connected as follows:

My computer
!
D-Link DI-604 Router/Internet Gateway
!
ADSL modem
!
Internet

A time ago I used the XP Pro VPN client to set up a PPTP VPN connection to
my "Employer's server". Therefore, my Network Connections window shows
"Internet Connection", "Local Area Connection" and "Virtual Private Network,
Employer's server".

By enabling the "VPN Pass-Thru, PPTP" option on my DI-604 router, I have
succesfully VPN'ed to my "Employer's server".

The problem started when I installed XP SP2. With the Windows Firewall "on",
I cannot make the VPN connection.

If I turn the Windows Firewall "off", the VPN connection can be successfully
completed.

Using the Windows Firewall activity log (pfirewall.log), I logged three
separate attempts to make the VPN connection while the Windows Firewall was
"on". Each attempt stalled and ultimately failed as follows:

date time action protocol src-ip dst-ip src-port dst-port size tcpflags
tcpsyn tcpack tcpwin icmptype icmpcode info path

26/5/05 10:47:38 OPEN TCP 192.168.0.101 222.333.444.555 2506 1723 - - - -
- - - - -
26/5/05 10:47:40 DROP TCP 222.333.444.555 192.168.0.101 1723 2506 72 AP
4148137482 1112083982 17356 - - - RECEIVE
26/5/05 10:49:40 CLOSE TCP 192.168.0.101 222.333.444.555 2506 1723 - - - -
- - -

26/5/05 12:15:01 OPEN TCP 192.168.0.101 222.333.444.555 1861 1723 - - - -
- - - - -
26/5/05 12:15:03 DROP TCP 222.333.444.555 192.168.0.101 1723 1861 72 AP
2982775699 1704473147 17356 - - - RECEIVE
26/5/05 12:17:03 CLOSE TCP 192.168.0.101 222.333.444.555 1861 1723 - - - -
- - -

26/5/05 12:20:11 OPEN TCP 192.168.0.101 222.333.444.555 2181 1723 - - - -
- - - - -
26/5/05 12:20:13 DROP TCP 222.333.444.555 192.168.0.101 1723 2181 72 AP
944672026 916574642 17356 - - - RECEIVE
26/5/05 12:22:13 CLOSE TCP 192.168.0.101 222.333.444.555 2181 1723 - - - -
- - -

In each instance I got "Error 800: Unable to establish the VPN connection".

Note that my DI-604 router uses NAT filtering; my computer's DHCP-assigned
LAN address is 192.168.0.101; my Employer's server is at 222.333.444.555
(fictitious).

Note also that the "local" source/destination port is different in each
instance (2506, then 1861, then 2181). As best I can tell, the DI-604
continuously cycles thru ports, opening and closing them. When the VPN
connection is initiated, whichever port is next in the "cycle" is the one
selected for the VPN connection. I hope I am right/this makes sense.

Anyhow, the question is: How can I successfully complete my VPN connection
while the Windows Firewall in "on"?

Thank you in advance for your helpful answers.

.

References:
- SP2 Firewall stops VPN connection
  - From: AriNZ

Prev by Date: Re: Can't map network drive
Next by Date: Re: VPN connection
Previous by thread: SP2 Firewall stops VPN connection
Next by thread: Does XP Home allow Telnet Server?
Index(es):
- Date
- Thread

Relevant Pages

Re: XP Firewall Disabled - Help!
... changed dependency Network Connection startup to automatic ... I restarted the comp and tried to access firewall through security center. ... The message appeared "Windows firewall settings cannot be displayed because ... anything in the registry. ...
(microsoft.public.windowsxp.security_admin)
Re: internet connection
... ZoneAlarm it only turns off the Firewall and not the service? ... Link-layer Topology Boxes in the Local Area Connection Properties Box. ... Rick Rogers, ... Remove Zone Alarm and use the Windows Firewall instead. ...
(microsoft.public.windows.vista.general)
Re: VPN PPTP
... prevent a VPN connection, but I have not tried using the XP basic firewall. ... How can I add protocol gre? ...
(microsoft.public.win2000.ras_routing)
Please help me get started
... Just Enable IIS to work. ... Windows firewall allows to firewall also your lan, ... connection even if you allowed traffic toward IIS and VS ...
(microsoft.public.vsnet.general)
Re: SP2 Firewall: enable firewall for one connection not another
... > firewire connection that is disabled.) ... > I want to enable the firewall for JUST the Cable Modem, ... > but disable it for the local network. ... Description of the Windows Firewall feature in Windows XP ...
(microsoft.public.windowsxp.security_admin)