XP firewall is blocking outbound VPN.

Status
Not open for further replies.

DoahMonty

IS-IT--Management
May 15, 2006
87
US
The scenario is: I have a Windows XP Pro client at a remote location that I use to connect to my office for my accounting software, amongst other things. Recently my VPN stopped working. After some troubleshooting, I discovered that the second I disable my Windows Firewall on the client, the VPN begins to work again. No new software or hardware has been installed, and just to be safe, I opened up VPN port 1723 on the client, and GRE port 47. Now I know that Windows Firewall SUPPOSEDLY doesn't block outbound traffic, but in this case it may be. Does anyone know a workaround for this? I would really like to keep my Windows Firewall enabled, and still be able to connect my VPN. XP is up to date with all Microsoft updates and service packs. I have tried System Restore with no results. Any help is appreciated. Thanks.
 
What VPN client are you using?

"We can categorically state that we have not released man-eating badgers into the area" - Major Mike Shearer
 
Are you sure the Windows firewall isn't blocking the VPN coming back in?

Burt
 
Grenage - I'm using the built-in XP client to connect. Seems to work fine once the firewall is turned off. Burtsbees - I do have 1723 and 47 open either way, so if it was being blocked coming back in, this should rectify that, right? Or am I missing some ports? Thanks for the help guys... any more input is greatly appreciated...
 
Inherently, Windows Firewall does block ICMP echo-replies, so it could be. I have never used Windows Firewall, so I could not tell you how to enable ping replies, and I don't know if this would open communications correctly anyway. I think that VPNs normally have keep-alives set, but I don't know about Windows VPNs. The thing I would do, not knowing what ports need to be open or what is not allowing it through, would be to disable Windows Firewall temporarily and utilize a packet sniffer and connect the VPN, see what ports indeed need to be open, perhaps some UDP ports also.

Burt
 
It just seems a little odd that it used to work. What kind of VPN endpoint are you connecting to?

"We can categorically state that we have not released man-eating badgers into the area" - Major Mike Shearer
 
burtsbees - Good suggestion, I will run Ethereal and see what's going on behind closed doors. Grenage - I am connecting to a 2000 server configured for RRAS (also my PDC). Thanks guys. Ya know, part of me knows that I'll be just fine without the Windows Firewall, but I would really like to figure this out. I am in charge of 200+ IT accounts, and if one of them were to have the same issue, and didn't want to leave the firewall disabled, then I would be in a really tough spot. I really appreciate the help.
 
You can try logging dropped packets (Advanced tab on Windows Firewall) to see what is being blocked. Also try forcing VPN type to PPTP, rather than Automatic.

Might also want to open 1701 for L2TP, and 500 for IPsec on Windows Firewall.


--jeff
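
An added example, not part of the original thread: one way to read the dropped-packet log suggested above and pick out VPN-related drops. It assumes the Windows Firewall log (pfirewall.log) uses a `#Fields:` header with the column names shown and records GRE as protocol number 47 in the protocol column, since GRE is an IP protocol and has no port; the sample lines and addresses are constructed.

```python
from collections import Counter

# Constructed sample in the assumed pfirewall.log layout; addresses are
# documentation ranges, not values from the thread.
SAMPLE_LOG = """\
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info
2006-05-15 09:12:01 OPEN TCP 192.0.2.10 198.51.100.5 1045 1723 - - - - - - - -
2006-05-15 09:12:03 DROP 47 198.51.100.5 192.0.2.10 - - 57 - - - - - - -
2006-05-15 09:12:06 DROP 47 198.51.100.5 192.0.2.10 - - 57 - - - - - - -
2006-05-15 09:12:07 DROP UDP 192.0.2.77 192.0.2.255 137 137 78 - - - - - - -
2006-05-15 09:12:08 DROP 47 198.51.100.5
2006-05-15 09:12:09 DROP UDP 198.51.100.5 192.0.2.10 500 500 120 - - - - - - -
"""

# Ports named in the thread, keyed by the transport protocol each one uses.
VPN_PORTS = {("TCP", "1723"): "PPTP control", ("UDP", "1701"): "L2TP",
             ("UDP", "500"): "IKE/IPsec"}

def parse_firewall_log(text):
    """Return one dict per log entry, keyed by the names in the #Fields header."""
    fields, rows = [], []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.strip() and not line.startswith("#") and fields:
            values = line.split()
            if len(values) >= len(fields):   # skip truncated entries
                rows.append(dict(zip(fields, values)))
    return rows

def classify(row):
    """Label an entry as VPN-related traffic, or return None."""
    proto = row["protocol"].upper()
    if proto in ("47", "GRE"):               # GRE carries the PPTP tunnel data
        return "GRE (PPTP data)"
    for port in (row["dst-port"], row["src-port"]):
        if (proto, port) in VPN_PORTS:
            return VPN_PORTS[(proto, port)]
    return None

def dropped_vpn_traffic(text):
    """Count dropped VPN-related entries per (label, source, destination)."""
    counts = Counter()
    for row in parse_firewall_log(text):
        label = classify(row) if row["action"] == "DROP" else None
        if label:
            counts[(label, row["src-ip"], row["dst-ip"])] += 1
    return counts
```

Calling `dropped_vpn_traffic()` on the text of a real log gives a per-peer count of dropped GRE, PPTP, L2TP and IKE entries, which shows whether the firewall is discarding the tunnel's return traffic.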
 
DoahMonty
Did you get this figured out?
I have the exact same problem and have been searching for days with no luck. VPN works perfectly once the client computer's Windows Firewall is off, but not otherwise.

Thanks

 
Even though there were some pretty promising posts, I was never able to figure it out. So as it stands right now, the VPN is working, but only because I've decided to leave the firewall turned off. It really frustrates me that in the effort to make things more secure, they've made the simplest things stop working. Sorry I couldn't have been of more help.
 
Have you tried the advanced settings in the firewall and adding the IP subnet of your office to allow all ports?
 
DTRTEL - I have tried that. Also I've tried opening port 1723, and GRE port, although the corresponding port number escapes me at the moment... (47 I believe). I'm using PPTP, and I'm not using IPSEC. I can try it just to be sure though... Thanks...
 