Re: SP1 breakes VPN RRAS Server

From: "Robert L [MS-MVP]" <noreply@xxxxxxxxxxx>
Date: Tue, 6 Sep 2005 15:49:41 -0500

"when adding the public interface to the "NAT/Basic
firewall" category, the server doesn't accept inbound connections anymore,
even when adding inbound and outbound filter rules that allow connections
from any to any over any protocol" Have you check the port services? Or do a simple test to telnet port 1723.

Bob Lin, MS-MVP, MCSE & CNE
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net

"Franz Schenk" <franz.schenkNOSPAM@xxxxxxxxxxxxxxxx> wrote in message news:eXOI$RusFHA.3404@xxxxxxxxxxxxxxxxxxxx...
Have a problem with a Windows 2003 VPN RRAS Server. RRAS is configured as
"VPN Remote Access Server only", allowing only IPSEC/L2TP inbound
connections and enabling the Basic Firewall (without NAT) on the public
interface.

The server works fine, until SP1 installation. After that, the VPN Server
doesn't accept inbound connections anymore. Have found that the problem is
releated to the Basic RRAS Firewall. When removing the public interface from
the "NAT/Basic Firewall" category, the VPN Server accepts inbound
connections. But when adding the public interface to the "NAT/Basic
firewall" category, the server doesn't accept inbound connections anymore,
even when adding inbound and outbound filter rules that allow connections
from any to any over any protocol, and enabling all ICMP protocol rules.
It's also not possible to ping the external interface from a external
client.

When removing the public interface from "NAT/Basic firewall", inbound
connections work fine. Inbound connections also work fine when removing SP1,
with enabled firewalled public interface. Have installed SP1 tcp/ip hotfix
898060, no success. It's not a problem particular to one machine, I was able
to reproduce the problem with two virtual machines on my Notebook.

Thanks all in advance for any help or advice
Franz

Follow-Ups:
- Re: SP1 breakes VPN RRAS Server
  - From: Franz Schenk

References:
- SP1 breakes VPN RRAS Server
  - From: Franz Schenk

Prev by Date: Re: Domain Controler Promblems
Next by Date: Re: PEAP Certificate Problem
Previous by thread: SP1 breakes VPN RRAS Server
Next by thread: Re: SP1 breakes VPN RRAS Server
Index(es):
- Date
- Thread

Relevant Pages

Re: SQL clients dropping connections on WAN
... I can transfer files over the connections, ... Server, even see the SQL 2000 server. ... The only change made when we did the DSL switch ... The forth server is actually on it's own subnet in the DMZ of the firewall ...
(microsoft.public.sqlserver.clients)
Vista Protocol and Program Networking Issues
... connections aren't even getting to the servers I'm trying to connect. ... "failed to connect to the port 22 on SERVER" ... firewall both turned off, and turned on. ... also have worked in and outside the network, ...
(microsoft.public.windows.vista.networking_sharing)
SP1 breakes VPN RRAS Server
... Have a problem with a Windows 2003 VPN RRAS Server. ... allowing only IPSEC/L2TP inbound ... doesn't accept inbound connections anymore. ...
(microsoft.public.windows.server.networking)
SP1 breakes VPN RRAS Server
... Have a problem with a Windows 2003 VPN RRAS Server. ... allowing only IPSEC/L2TP inbound ... doesn't accept inbound connections anymore. ...
(microsoft.public.win2000.ras_routing)
Re: Connection Sharing on demand
... user has to authenticate for each time they want an Internet service, ... That can be done as a firewall application with lots ... you'd have the user connect to a server ... mentioned blocking inbound connections - that's trivial to do with the ...
(comp.os.linux.networking)