Re: Connecting to XP sp2 machines by VPN
- From: Leigh <Leigh@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 9 May 2008 06:19:01 -0700
Hi Jim
Thanks for your input. I found both articles very interesting. However, I
have no idea what values to put into the scope parameters. That being so, I
opted to use * as the easy no-brain everything-allowed option. But next problem:
which port to modify???
Is this the same as changing the scope in the firewall setup for Print and
File Sharing? If so, I already plumped for the "Any computer (including those
on the internet)" option.
I have no idea which parts of the connections the firewall is blocking. I
have looked at the firewall log and googled the ports that have DROP in the
dialogue. That has scared me to death. PORTS 445 138 139 68 67 13518 13504
13502 13503 13477. Whatever happened to good old "you only need 1723"? I don't
have a clue what all the other ports are or if the word DROP indicates them
causing my problem (please see previous posts). Any guidance here gratefully
received.
Incidentally, the software I am using makes no difference to my problem. If I
connect by VPN manually from SBS2003 into XPsp2 I cannot see shared folders
unless I switch off the firewall :-(
"Jim Behning SBS MVP" wrote:
I think I have seen this before. You probably need to add other
networks to allow foreign IPs in. Here is my long story from a few
years ago. I hope it is relevant.
http://msmvps.com/blogs/bgb/archive/2006/05/16/95140.aspx
On Fri, 9 May 2008 02:25:01 -0700, Leigh
<Leigh@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Hello Bill
I have allowed the print and file sharing to be accessed by any computer
(including those on the internet) previously and still no luck!!
I also created a log file "pfirewall" previously which I have copied into
here. Unfortunately it doesn't fit very well and looks a mess in this post.
Perhaps you can cast your eye over it and make some observations that may
help as I do not really understand all the information contained.
81.140.65.54 is the SBS external static IP. 192.168.16.41 is the XP internal
fixed IP. 192.168.0.1 is the internal SBS IP.
I can see a lot of DROPs in the log which seem to involve TCP and UDP ports.
In all the research I have done I understood I only need to make sure to
open port 1723, so what are all the others? Are they to do with the VPN
connection I am trying to make, and do I need to open them?
I don't want to open them if that will cause me other problems. Can you advise?
Thanks for your help
2008-04-25 14:15:42 OPEN-INBOUND TCP 81.140.65.54 192.168.16.41 13477 1723 - - - - - - - - -
2008-04-25 14:15:46 DROP UDP 192.168.0.174 255.255.255.255 68 67 328 - - - - - - - RECEIVE
2008-04-25 14:15:50 DROP UDP 192.168.0.174 255.255.255.255 68 67 328 - - - - - - - RECEIVE
2008-04-25 14:16:03 DROP TCP 192.168.16.41 192.168.0.174 445 13502 48 SA 3084194260 1133350834 9520 - - - SEND
2008-04-25 14:16:03 DROP TCP 192.168.0.1 192.168.16.41 13503 139 48 S 804954720 0 65535 - - - RECEIVE
2008-04-25 14:16:03 DROP TCP 192.168.16.41 192.168.0.174 139 13504 48 SA 369768440 2327057425 9520 - - - SEND
2008-04-25 14:16:06 DROP TCP 192.168.16.41 192.168.0.174 445 13502 48 SA 3084194260 1133350834 9520 - - - SEND
2008-04-25 14:16:06 DROP TCP 192.168.16.41 192.168.0.174 139 13504 48 SA 369768440 2327057425 9520 - - - SEND
2008-04-25 14:16:06 DROP TCP 192.168.0.1 192.168.16.41 13503 139 48 S 804954720 0 65535 - - - RECEIVE
2008-04-25 14:16:06 DROP TCP 192.168.16.41 192.168.0.174 445 13502 40 A 3084194261 1133350834 9520 - - - SEND
2008-04-25 14:16:06 DROP TCP 192.168.16.41 192.168.0.174 139 13504 40 A 369768441 2327057425 9520 - - - SEND
2008-04-25 14:16:12 DROP TCP 192.168.16.41 192.168.0.174 139 13504 48 SA 369768440 2327057425 9520 - - - SEND
2008-04-25 14:16:12 DROP TCP 192.168.16.41 192.168.0.174 445 13502 48 SA 3084194260 1133350834 9520 - - - SEND
2008-04-25 14:16:12 DROP TCP 192.168.0.1 192.168.16.41 13503 139 48 S 804954720 0 65535 - - - RECEIVE
2008-04-25 14:16:12 DROP TCP 192.168.16.41 192.168.0.174 445 13502 40 A 3084194261 1133350834 9520 - - - SEND
2008-04-25 14:16:12 DROP TCP 192.168.16.41 192.168.0.174 139 13504 40 A 369768441 2327057425 9520 - - - SEND
2008-04-25 14:16:22 DROP UDP 192.168.0.170 255.255.255.255 138 138 239 - - - - - - - SEND
2008-04-25 14:16:24 DROP TCP 192.168.0.174 192.168.16.41 13518 80 48 S 1701259848 0 65535 - - - RECEIVE
2008-04-25 14:16:27 DROP TCP 192.168.0.174 192.168.16.41 13518 80 48 S 1701259848 0 65535 - - - RECEIVE
2008-04-25 14:16:33 DROP TCP 192.168.0.174 192.168.16.41 13518 80 48 S 1701259848 0 65535 - - - RECEIVE
"Bill Sanderson" wrote:
I'm surprised at this result. I'd have thought that the VPN tunnel between
the SBS server and the XP workstation would have bypassed the firewall.
Here's what I think I would do to try to troubleshoot this:
Arrange to be able to connect to one of the XP workstations via Remote
Desktop. Open Remote Desktop through the Windows firewall on that XP
machine.
You may find that when the VPN tunnel connects, you lose the RDP connection,
unfortunately--if that's the case, I'm not sure how to work around it.
http://support.microsoft.com/kb/875357
is the article I would use to guide your troubleshooting. However, I think
you could save some time if you can find as much information about this
"inherited software" as possible--particularly--what executables, if any,
are involved on the XP end, and what ports and protocols.
One thought is to open file and printer sharing through the firewall, which
is a simple checkbox--if that is not already enabled. Another would be to
modify the scope of that sharing to include not just the local (in-store)
network, but also the IP address of the SBS 2003 server end of the VPN
tunnel.
The firewall on the XP end can be configured to log dropped packets. I'd
suggest enabling this logging, and attempting a connection, and then
inspecting the log to see what's happening. That should give you clues
about what needs to be allowed through.
"Leigh" <Leigh@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:B3009467-6D21-4EC4-99C8-BAC6AD48A285@xxxxxxxxxxxxxxxx
I have Win 2003SBS and several Win XP sp2 standalone remote machines.
I need to collect simple files from the XP machines using the 2003SBS and
the internet on a daily basis.
I have set XP machines as VPN servers.
I can connect to these machines from the 2003SBS by VPN no problem.
My problem is this.
When I try to map a drive in 2003SBS to the shared folder on the XP machine
I am unable to do so except when the Windows firewall is switched off on the
XP machine.
When the XP firewall is off everything works fine.
What do I have to do to the firewall to allow access to the shared folder,
because I would rather not leave the firewall turned off permanently.
Thanks for any help
http://blogs.technet.com/sbs/default.aspx
Check your SBS with the SBS Best Practices Analyzer
http://blogs.technet.com/sbs/archive/tags/BPA/default.aspx
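Added example (not written by any poster in this thread): a small Python parser for the pfirewall.log entries quoted above, which separates dropped inbound connection attempts from dropped replies and broadcasts so that a scope rule can be limited to the source addresses and ports actually being blocked. The field order follows the `#Fields:` header that XP SP2 writes at the top of the log; the function names are hypothetical.

```python
from collections import Counter

# Field order from the "#Fields:" header of XP SP2's pfirewall.log.
FIELDS = ("date time action protocol src_ip dst_ip src_port dst_port size "
          "tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path").split()

# Sample input: six entries taken from the log quoted above, one per line.
SAMPLE = """\
2008-04-25 14:15:42 OPEN-INBOUND TCP 81.140.65.54 192.168.16.41 13477 1723 - - - - - - - - -
2008-04-25 14:15:46 DROP UDP 192.168.0.174 255.255.255.255 68 67 328 - - - - - - - RECEIVE
2008-04-25 14:16:03 DROP TCP 192.168.16.41 192.168.0.174 445 13502 48 SA 3084194260 1133350834 9520 - - - SEND
2008-04-25 14:16:03 DROP TCP 192.168.0.1 192.168.16.41 13503 139 48 S 804954720 0 65535 - - - RECEIVE
2008-04-25 14:16:06 DROP TCP 192.168.0.1 192.168.16.41 13503 139 48 S 804954720 0 65535 - - - RECEIVE
2008-04-25 14:16:24 DROP TCP 192.168.0.174 192.168.16.41 13518 80 48 S 1701259848 0 65535 - - - RECEIVE
"""

def parse(text):
    """Yield one dict per well-formed entry; skip headers and wrapped/broken lines."""
    for line in text.splitlines():
        parts = line.split()
        if line.startswith("#") or len(parts) != len(FIELDS):
            continue
        yield dict(zip(FIELDS, parts))

def classify(e):
    """Label a DROP entry by what it says about the blocked traffic."""
    if e["action"] != "DROP":
        return None
    if e["dst_ip"].endswith(".255"):      # crude broadcast test, enough for this log
        return "broadcast"
    if e["protocol"] == "TCP" and e["tcpflags"] == "S" and e["path"] == "RECEIVE":
        return "inbound-connect"          # a remote host tried to open dst_port
    if e["protocol"] == "TCP" and e["path"] == "SEND":
        return "outbound-reply"           # local SA / A segment dropped on the way out
    return "other"

def blocked_services(text):
    """Count dropped inbound connection attempts per (source IP, local port)."""
    hits = Counter()
    for e in parse(text):
        if classify(e) == "inbound-connect":
            hits[(e["src_ip"], int(e["dst_port"]))] += 1
    return hits

if __name__ == "__main__":
    for (src, port), n in sorted(blocked_services(SAMPLE).items()):
        print(f"{src} -> local TCP {port}: {n} dropped SYN(s)")
```

Entries that are still wrapped across two lines, as in the original post, do not have 17 fields and are skipped, so the log should be read from the file rather than from a pasted copy.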