Security Basics mailing list archives
RE: VPN
From: "Rick Darsey" <rdarsey () aims1 com>
Date: Mon, 30 Dec 2002 12:43:53 -0600
It sounds like either your router or the Windows 2000 server is blocking VPN traffic from outside the LAN. You need to open several ports on the router to allow the VPN tunnel to terminate at the Windows 2000 server. Here is a partial list:

    access-list 101 permit gre any host xxx.xxx.xxx.xxx
    access-list 101 permit ahp any host xxx.xxx.xxx.xxx
    access-list 101 permit esp any host xxx.xxx.xxx.xxx
    access-list 101 permit udp any host xxx.xxx.xxx.xxx eq 1701
    access-list 101 permit udp any host xxx.xxx.xxx.xxx eq isakmp
    access-list 101 permit tcp any host xxx.xxx.xxx.xxx eq 1723

This is from a Cisco router, but the port numbers and protocol types are the same. The xxx.xxx.xxx.xxx is the IP address of the Windows 2000 server.

Also, look at the filtering on the Windows 2000 server. You can block traffic on a specific interface based on port numbers, etc. By default, nothing is blocked, but you may want to look into it. To find the filters, right click on the adapter in question, select Properties, then select TCP/IP (Internet Protocol) properties, then Advanced, then Options, and look for TCP Filtering.

Hope this helps

Rick Darsey

-----Original Message-----
From: Luan Rocha [mailto:luan_rocha () brturbo com]
Sent: Saturday, December 28, 2002 12:24 PM
To: Security basics
Subject: VPN

Hey,

I'm configuring a server (Win2000 Advanced Server) to provide Internet for the inside network and a VPN to do the maintaining. But I don't know why, I can only access the VPN through the inside network, but from the Internet I get an error that my server is not responding. The access from the network to the Internet is OK. Only the VPN isn't all right.

On the server I have DHCP, ROUTER, DNS, RAS and VPN configured. The modem has a ROUTER and some FILTERS configured.

Any suggestions?

Thanks in advance,
Luan Rocha
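Added example, not part of either post: a small Python check that reads Cisco-style permit lines like those in the reply and reports which entries a given tunnel type still lacks. The grouping of the reply's entries into PPTP and L2TP/IPsec, the function names, and the 192.0.2.10 server address are assumptions of this example.

```python
import re

PORT_NAMES = {"isakmp": 500}  # IOS keyword used in the reply's ACL

# Assumed grouping of the reply's entries by tunnel type: (protocol, port or None).
# ahp is left out of both groups because AH is optional for these tunnels.
REQUIRED = {
    "PPTP": {("tcp", 1723), ("gre", None)},
    "L2TP/IPsec": {("udp", 500), ("udp", 1701), ("esp", None)},
}

# Matches only "permit <proto> any host <ip> [eq <port>]"; deny lines, other
# forms and ACL ordering are not modelled.
ACL_RE = re.compile(
    r"^access-list\s+\d+\s+permit\s+(?P<proto>\S+)\s+any\s+host\s+"
    r"(?P<host>\S+)(?:\s+eq\s+(?P<port>\S+))?$"
)

def parse_permits(config, server):
    """Return the (protocol, port) pairs permitted from any source to server."""
    permits = set()
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if not m or m.group("host") != server:
            continue
        port = m.group("port")
        if port in PORT_NAMES:
            port = PORT_NAMES[port]
        elif port is not None and port.isdigit():
            port = int(port)
        permits.add((m.group("proto").lower(), port))
    return permits

def missing_for_vpn(config, server):
    """Map each tunnel type to the entries the ACL does not yet permit."""
    permits = parse_permits(config, server)
    return {name: sorted(need - permits, key=str) for name, need in REQUIRED.items()}

# Constructed sample: TCP 1723 is open but GRE is not, so a PPTP control
# connection is accepted while the tunnel data itself is dropped.
SAMPLE_ACL = """\
access-list 101 permit esp any host 192.0.2.10
access-list 101 permit udp any host 192.0.2.10 eq 1701
access-list 101 permit udp any host 192.0.2.10 eq isakmp
access-list 101 permit tcp any host 192.0.2.10 eq 1723
"""

if __name__ == "__main__":
    for tunnel, missing in missing_for_vpn(SAMPLE_ACL, "192.0.2.10").items():
        print(tunnel, "OK" if not missing else f"missing: {missing}")
```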