Re: VPN and Ports



I'm using L2TP/IPSEC VPN and not PPTP VPN.
Therefore ports 500, 4500, 1701, and protocol 50.
And it is not true that source ports are always random, especially with
L2TP/IPSEC.

"Phillip Windell" <@.> wrote in message
news:egFr70sQGHA.2816@xxxxxxxxxxxxxxxxxxxxxxx
"Richard Hrubizna" <hrubizna@xxxxxxx> wrote in message
news:%23dIWkNsQGHA.4952@xxxxxxxxxxxxxxxxxxxxxxx
Hi all,

my question is about ports. I had set up a MsWin2003 VPN server and
configured firewall.
My firewall and ports :
Client Ports <-> VPN Server Ports

UDP 500 <-> UDP 500
UDP 4500 <-> UDP 4500
UDP 1701 <-> UDP 1701
Protocol 50 <-> Protocol 50

VPN is working fine. But several of our users are behind some routers that
are changing their source ports.

Source ports are always random and are different with every connection;
that isn't something you can do anything about. You can not do things the
way you are trying.

Assuming the users are on the Outside, the VPN Server is on the Inside,..and
the firewall is between them....

You have to use Static NAT on the firewall to make the VPN Server available
to the users. You also need to enable "VPN Passthrough" or whatever your
particular brand of router calls it, (some can't do it at all)...without
that it will not pass the GRE packets (Protocol 47, not 50). The Static NAT
should be done with 1701 unless your particular firewall automatically takes
care of that when you enable "VPN Passthrough". Not all firewall devices
are capable of doing this,...and I also see no point in fooling with 500
and 4500 or Protocol 50.

The bottom line is that you have to read the Docs for your Firewall and do
it *their way* and your firewall may limit your choices by its design.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
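The disagreement in the thread comes down to whether a firewall rule may pin the client's source port. The following is an added illustration, not code from either poster: it models the rule table from the original post (client port pinned to the same number as the server port) next to a rule set that fixes only the destination port, and runs both over constructed packets from a directly connected client and from hosts behind a NAT router. All addresses are from the RFC 5737 documentation ranges and the packet records are constructed, not captured traffic. The point it shows: once a router rewrites source ports (and once NAT-T moves the tunnel to UDP 4500), the pinned rules silently drop the second host behind the same router, while destination-only rules still admit every flow.

```python
"""Pinned-source-port firewall rules vs. destination-only rules for
L2TP/IPsec clients, with and without a NAT router in the path.

Added illustration for the thread above; not code from either poster.
Packets below are constructed, not captured."""
from dataclasses import dataclass
from typing import List, Optional

UDP, ESP = 17, 50  # IP protocol numbers; ESP (50) carries no port numbers


@dataclass(frozen=True)
class Packet:
    proto: int
    src_ip: str
    src_port: Optional[int]   # None for ESP
    dst_ip: str
    dst_port: Optional[int]   # None for ESP


@dataclass(frozen=True)
class Rule:
    proto: int
    dst_port: Optional[int]
    src_port: Optional[int] = None  # None means "any source port"

    def matches(self, p: Packet) -> bool:
        return (p.proto == self.proto
                and p.dst_port == self.dst_port
                and (self.src_port is None or p.src_port == self.src_port))


VPN_SERVER = "198.51.100.10"  # constructed server address

# Rule table as written in the original post: client port pinned to server port.
PINNED = [Rule(UDP, 500, 500), Rule(UDP, 4500, 4500),
          Rule(UDP, 1701, 1701), Rule(ESP, None)]

# Same services, but only the destination port is fixed.
DEST_ONLY = [Rule(UDP, 500), Rule(UDP, 4500), Rule(UDP, 1701), Rule(ESP, None)]


def allowed(rules: List[Rule], p: Packet) -> bool:
    """First-match-wins is irrelevant here: every rule is an accept rule."""
    return any(r.matches(p) for r in rules)


# Client with its own public address: no NAT, source ports stay as sent.
DIRECT_CLIENT = [
    Packet(UDP, "192.0.2.20", 500, VPN_SERVER, 500),    # IKE phase 1
    Packet(ESP, "192.0.2.20", None, VPN_SERVER, None),  # ESP in the clear
]

# Two hosts behind one NAT router (203.0.113.7). The first host happens to
# keep source port 500; the NAT rewrites the rest. After NAT-T detection the
# tunnel moves to UDP 4500, and ESP plus L2TP/1701 travel inside it, so the
# firewall never sees a separate 1701 or ESP flow from these hosts.
NATTED_CLIENTS = [
    Packet(UDP, "203.0.113.7", 500, VPN_SERVER, 500),     # host A, IKE
    Packet(UDP, "203.0.113.7", 61042, VPN_SERVER, 4500),  # host A, NAT-T
    Packet(UDP, "203.0.113.7", 61043, VPN_SERVER, 500),   # host B, IKE, rewritten
]


def verdicts(rules: List[Rule], flow: List[Packet]) -> List[bool]:
    return [allowed(rules, p) for p in flow]


def summarize() -> dict:
    """Accept/deny verdict per packet for each rule set and client type."""
    return {
        "direct/pinned": verdicts(PINNED, DIRECT_CLIENT),
        "direct/dest_only": verdicts(DEST_ONLY, DIRECT_CLIENT),
        "natted/pinned": verdicts(PINNED, NATTED_CLIENTS),
        "natted/dest_only": verdicts(DEST_ONLY, NATTED_CLIENTS),
    }


if __name__ == "__main__":
    for name, result in summarize().items():
        print(f"{name:18} {result}")
```

Running it prints four verdict lists; the only failures are in "natted/pinned", where host A's NAT-T flow and host B's rewritten IKE flow are both rejected. Real firewalls additionally need the static NAT (port forward) toward the server that the reply describes; the matching logic above is only the part of the problem the thread argues about.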






