Security Basics mailing list archives

RE: VPN


From: "Rick Darsey" <rdarsey () aims1 com>
Date: Mon, 30 Dec 2002 12:43:53 -0600

It sounds like either your router, or the Windows 2000 server is blocking
VPN traffic from outside the LAN. You need to open several ports on the
router to allow the VPN tunnel to terminate at the Windows 2000 server.

Here is a partial list:

access-list 101 permit gre any host xxx.xxx.xxx.xxx
access-list 101 permit ahp any host xxx.xxx.xxx.xxx
access-list 101 permit esp any host xxx.xxx.xxx.xxx
access-list 101 permit udp any host xxx.xxx.xxx.xxx eq 1701
access-list 101 permit udp any host xxx.xxx.xxx.xxx eq isakmp
access-list 101 permit tcp any host xxx.xxx.xxx.xxx eq 1723

This is from a Cisco router, but the port numbers and protocol types are the
same. The xxx.xxx.xxx.xxx is the IP address of the Windows 2000 server.

Also, look at the filtering on the Windows 2000 server. You can block
traffic on a specific interface based on port numbers, etc.  By default,
nothing is blocked, but you may want to look into it.  To find the filters,
right-click on the adapter in question, select Properties, then select
TCP/IP (Internet Protocol) properties, then Advanced, then Options, and look
for TCP Filtering.

Hope this helps

Rick Darsey

-----Original Message-----
From: Luan Rocha [mailto:luan_rocha () brturbo com]
Sent: Saturday, December 28, 2002 12:24 PM
To: Security basics
Subject: VPN


Hey,
   I'm configuring a server (Win2000 Advanced Server) to provide internet for
the inside network and a VPN to do the maintaining. But I don't know why, I
can only access the VPN through the inside network, but from the internet I
get an error that my server is not responding.
   The access from the network to the internet is OK. Only the VPN
isn't all right.
   On the server I have DHCP, ROUTER, DNS, RAS and VPN configured.
   The modem has a ROUTER and some FILTERS configured.
   Any suggestions?



Thanks in advance,
Luan Rocha
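
Added example (not part of the original thread): a small check that reads access-list lines in the form quoted in the reply above and reports, per VPN type, which inbound entries are still missing for the server. The address 192.0.2.10, the grouping of entries into PPTP (TCP 1723 plus GRE) and L2TP/IPsec (UDP 500 plus ESP), and all function names are assumptions made for this illustration.

```python
import re

SERVER = "192.0.2.10"  # constructed placeholder for the VPN server address
PORT_NAMES = {"isakmp": 500}  # Cisco keyword used in the ACL above

# Inbound entries each VPN type needs: (protocol, port or None for IP protocols)
REQUIRED = {
    "PPTP": {("tcp", 1723), ("gre", None)},
    "L2TP/IPsec": {("udp", 500), ("esp", None)},
}

ACL_RE = re.compile(
    r"^access-list\s+\d+\s+permit\s+(?P<proto>\w+)\s+any\s+host\s+"
    r"(?P<dst>\S+)(?:\s+eq\s+(?P<port>\S+))?$"
)

def parse_acl(text):
    """Return {destination: {(proto, port), ...}} for 'permit ... any host' lines."""
    permitted = {}
    for line in text.splitlines():
        m = ACL_RE.match(line.strip())
        if not m:
            continue  # other ACL forms are not handled by this example
        port = m.group("port")
        if port in PORT_NAMES:
            port = PORT_NAMES[port]
        elif port is not None:
            if not port.isdigit():
                continue  # unknown port keyword
            port = int(port)
        permitted.setdefault(m.group("dst"), set()).add((m.group("proto").lower(), port))
    return permitted

def missing_for(permitted, server):
    """Map each VPN type to the required entries the ACL lacks for `server`."""
    have = permitted.get(server, set())
    return {vpn: sorted(need - have, key=str) for vpn, need in REQUIRED.items()}

# Constructed samples: the six entries from the reply, and a partial ACL.
PAGE_ACL = "\n".join(
    f"access-list 101 permit {rule}".replace("HOST", SERVER)
    for rule in ("gre any host HOST", "ahp any host HOST", "esp any host HOST",
                 "udp any host HOST eq 1701", "udp any host HOST eq isakmp",
                 "tcp any host HOST eq 1723")
)
PARTIAL_ACL = f"access-list 101 permit tcp any host {SERVER} eq 1723\n"

if __name__ == "__main__":
    print(missing_for(parse_acl(PAGE_ACL), SERVER))
    print(missing_for(parse_acl(PARTIAL_ACL), SERVER))
```

With only the TCP 1723 entry present, the check reports GRE as missing for PPTP, which is the case where the control connection is reachable but the tunnel traffic is still filtered.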

