I have Win 2003SBS and several Win XP sp2 standalone remote machines.
I need to collect simple files from the XP machines using the 2003SBS and
the internet on a daily basis.
I have set XP machines as VPN servers
I can connect to these machines from the 2003SBS by VPN no problem

My problem is this.

When I try to map a drive in 2003SBS to the shared folder on the XP machine
I am unable to do so except when the Windows firewall is switched off on the
XP machine.
When the XP firewall is off everything works fine.
What do I have to do to the firewall to allow access to the shared folder,
because I would rather not leave the firewall turned off permanently.

Thanks for any help

Re: Connecting to XP sp2 machines by VPN by AllenM

AllenM
Thu May 08 08:51:01 PDT 2008

Why not take advantage of Remote Web Workplace that comes with SBS and you
can connect to those XP desktops directly? No VPN necessary.




Re: Connecting to XP sp2 machines by VPN by Leigh

Leigh
Thu May 08 09:17:00 PDT 2008

Hello Allen

The SBS box is using some inherited software to interrogate the XP machines
which are being used as cash tills in 14 stores. This software kicks off on
the Windows scheduler at about midnight and uses VPN to connect. I realise I
could use RWW but for now I need to get the VPN system running.


Re: Connecting to XP sp2 machines by VPN by Leigh

Leigh
Thu May 08 09:24:07 PDT 2008

I just looked at Remote Web Workplace. Correct me if I am wrong, but don't the
XP machines need to be connected to the SBS on the network, and wouldn't they
be starting the connection to the SBS?

Also I need the SBS2003 box to start the connection for security reasons and
it is connecting to standalone XP machines in different cities and towns.




Re: Connecting to XP sp2 machines by VPN by AllenM

AllenM
Thu May 08 09:29:14 PDT 2008

Correct. The XP machines must be connected to the SBS domain. So in your
case this wouldn't work.





Re: Connecting to XP sp2 machines by VPN by Bill

Bill
Thu May 08 09:46:26 PDT 2008

I'm surprised at this result. I'd have thought that the VPN tunnel between
the SBS server and the XP workstation would have bypassed the firewall.

Here's what I think I would do to try to troubleshoot this:

Arrange to be able to connect to one of the XP workstations via Remote
Desktop. Open Remote Desktop through the Windows firewall on that XP
machine.

You may find that when the VPN tunnel connects, you lose the RDP connection,
unfortunately--if that's the case, I'm not sure how to work around it.

http://support.microsoft.com/kb/875357

is the article I would use to guide your troubleshooting. However, I think
you could save some time if you can find as much information about this
"inherited software" as possible--particularly--what executables, if any,
are involved on the XP end, and what ports and protocols.

One thought is to open file and printer sharing through the firewall, which
is a simple checkbox--if that is not already enabled. Another would be to
modify the scope of that sharing to include not just the local (in-store)
network, but also the IP address of the SBS 2003 server end of the VPN
tunnel.

The firewall on the XP end can be configured to log dropped packets. I'd
suggest enabling this logging, and attempting a connection, and then
inspecting the log to see what's happening. That should give you clues
about what needs to be allowed through.





Re: Connecting to XP sp2 machines by VPN by Leigh

Leigh
Fri May 09 02:25:01 PDT 2008

Hello Bill

I have allowed the print and file sharing to be accessed by any computer
(including those on the internet) previously and still no luck!!
I also created a log file "pfirewall" previously which I have copied into
here. Unfortunately it doesn't fit very well and looks a mess in this post.
Perhaps you can cast your eye over it and make some observations that may
help, as I do not really understand all the information contained.

81.140.65.54 is the SBS external static IP. 192.168.16.41 is the XP internal
fixed IP. 192.168.0.1 is the internal SBS IP.
I can see a lot of DROPs in the log which seem to involve TCP and UDP ports.

In all the research I have done I understood I only need to make sure to
open port 1723, so what are all the others? Are they to do with the VPN
connection I am trying to make, and do I need to open them?
I don't want to open them if that will cause me other problems. Can you advise?

Thanks for your help

2008-04-25 14:15:42 OPEN-INBOUND TCP 81.140.65.54 192.168.16.41 13477 1723 -
- - - - - - - -
2008-04-25 14:15:46 DROP UDP 192.168.0.174 255.255.255.255 68 67 328 - - - -
- - - RECEIVE
2008-04-25 14:15:50 DROP UDP 192.168.0.174 255.255.255.255 68 67 328 - - - -
- - - RECEIVE
2008-04-25 14:16:03 DROP TCP 192.168.16.41 192.168.0.174 445 13502 48 SA
3084194260 1133350834 9520 - - - SEND
2008-04-25 14:16:03 DROP TCP 192.168.0.1 192.168.16.41 13503 139 48 S
804954720 0 65535 - - - RECEIVE
2008-04-25 14:16:03 DROP TCP 192.168.16.41 192.168.0.174 139 13504 48 SA
369768440 2327057425 9520 - - - SEND
2008-04-25 14:16:06 DROP TCP 192.168.16.41 192.168.0.174 445 13502 48 SA
3084194260 1133350834 9520 - - - SEND
2008-04-25 14:16:06 DROP TCP 192.168.16.41 192.168.0.174 139 13504 48 SA
369768440 2327057425 9520 - - - SEND
2008-04-25 14:16:06 DROP TCP 192.168.0.1 192.168.16.41 13503 139 48 S
804954720 0 65535 - - - RECEIVE
2008-04-25 14:16:06 DROP TCP 192.168.16.41 192.168.0.174 445 1350240 A
3084194261 1133350834 9520 - - - SEND
2008-04-25 14:16:06 DROP TCP 192.168.16.41 192.168.0.174 139 13504 40 A
369768441 2327057425 9520 - - - SEND
2008-04-25 14:16:12 DROP TCP 192.168.16.41 192.168.0.174 139 13504 48 SA
369768440 2327057425 9520 - - - SEND
2008-04-25 14:16:12 DROP TCP 192.168.16.41 192.168.0.174 445 13502 48 SA
3084194260 1133350834 9520 - - - SEND
2008-04-25 14:16:12 DROP TCP 192.168.0.1 192.168.16.41 13503 139 48 S
804954720 0 65535 - - - RECEIVE
2008-04-25 14:16:12 DROP TCP 192.168.16.41 192.168.0.174 445 13502 40 A
3084194261 1133350834 9520 - - - SEND
2008-04-25 14:16:12 DROP TCP 192.168.16.41 192.168.0.174 139 13504 40 A
369768441 2327057425 9520 - - - SEND
2008-04-25 14:16:22 DROP UDP 192.168.0.170 255.255.255.255 138 138 239 - - -
- - - - SEND
2008-04-25 14:16:24 DROP TCP 192.168.0.174 192.168.16.41 13518 80 48 S
1701259848 0 65535 - - - RECEIVE
2008-04-25 14:16:27 DROP TCP 192.168.0.174 192.168.16.41 13518 80 48 S
1701259848 0 65535 - - - RECEIVE
2008-04-25 14:16:33 DROP TCP 192.168.0.174 192.168.16.41 13518 80 48 S
1701259848 0 65535 - - - RECEIVE



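Added example, not part of the original posts: a Python sketch that rejoins the wrapped records of a pfirewall.log paste like the one above and separates the drops that touch the XP machine's file-sharing ports (139/445) from broadcast noise. It assumes the standard XP SP2 log column order; the function names are this example's own, and SAMPLE is an excerpt of the log posted above, wrapped as posted.

```python
import re
from collections import Counter

# Column order of the XP SP2 firewall log (assumed to match its "#Fields:" header).
FIELDS = ("date time action protocol src_ip dst_ip src_port dst_port size "
          "tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path").split()
RECORD_START = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} ")

# Well-known ports that appear in the thread's log.
PORT_NAMES = {67: "DHCP server", 68: "DHCP client", 80: "HTTP",
              137: "NetBIOS name", 138: "NetBIOS datagram",
              139: "NetBIOS session (SMB)", 445: "SMB over TCP",
              1723: "PPTP control", 1900: "SSDP"}
SMB_PORTS = {139, 445}

# Excerpt of the log posted in this thread, with its original line wrapping.
SAMPLE = """
2008-04-25 14:15:42 OPEN-INBOUND TCP 81.140.65.54 192.168.16.41 13477 1723 -
- - - - - - - -
2008-04-25 14:15:46 DROP UDP 192.168.0.174 255.255.255.255 68 67 328 - - - -
- - - RECEIVE
2008-04-25 14:16:03 DROP TCP 192.168.16.41 192.168.0.174 445 13502 48 SA
3084194260 1133350834 9520 - - - SEND
2008-04-25 14:16:03 DROP TCP 192.168.0.1 192.168.16.41 13503 139 48 S
804954720 0 65535 - - - RECEIVE
2008-04-25 14:16:03 DROP TCP 192.168.16.41 192.168.0.174 139 13504 48 SA
369768440 2327057425 9520 - - - SEND
2008-04-25 14:16:06 DROP TCP 192.168.16.41 192.168.0.174 445 1350240 A
3084194261 1133350834 9520 - - - SEND
2008-04-25 14:16:22 DROP UDP 192.168.0.170 255.255.255.255 138 138 239 - - -
- - - - SEND
2008-04-25 14:16:24 DROP TCP 192.168.0.174 192.168.16.41 13518 80 48 S
1701259848 0 65535 - - - RECEIVE
"""


def rejoin_records(text):
    """Undo line wrapping: every record starts with a 'date time' stamp."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):   # skip blanks and header lines
            continue
        if RECORD_START.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line           # continuation of previous record
    return records


def parse_log(text):
    """Return (rows, malformed); a record without exactly 17 fields is malformed."""
    rows, malformed = [], []
    for record in rejoin_records(text):
        parts = record.split()
        if len(parts) != len(FIELDS):
            malformed.append(record)            # e.g. two columns fused in the paste
            continue
        row = dict(zip(FIELDS, parts))
        for key in ("src_port", "dst_port"):
            row[key] = int(row[key]) if row[key].isdigit() else None
        rows.append(row)
    return rows, malformed


def service_label(row):
    """Name the record by whichever of its ports is a well-known service port."""
    for port in (row["dst_port"], row["src_port"]):
        if port in PORT_NAMES:
            return PORT_NAMES[port]
    return "port %s" % row["dst_port"]


def drop_summary(rows):
    """Count DROP records per (protocol, service)."""
    return Counter((r["protocol"], service_label(r))
                   for r in rows if r["action"] == "DROP")


def smb_drops(rows, local_ip):
    """Dropped TCP packets where local_ip's own port 139/445 is one endpoint.

    Keys are (peer_ip, local_port, tcp_flags, path as logged).
    """
    hits = Counter()
    for r in rows:
        if r["action"] != "DROP" or r["protocol"] != "TCP":
            continue
        if r["dst_ip"] == local_ip and r["dst_port"] in SMB_PORTS:
            hits[(r["src_ip"], r["dst_port"], r["tcpflags"], r["path"])] += 1
        elif r["src_ip"] == local_ip and r["src_port"] in SMB_PORTS:
            hits[(r["dst_ip"], r["src_port"], r["tcpflags"], r["path"])] += 1
    return hits


if __name__ == "__main__":
    rows, malformed = parse_log(SAMPLE)
    print("parsed:", len(rows), "malformed:", len(malformed))
    for key, count in sorted(drop_summary(rows).items()):
        print("drop", key, count)
    for key, count in sorted(smb_drops(rows, "192.168.16.41").items()):
        print("SMB drop", key, count)
```

The SMB drops are the ones that matter for mapping the drive; the peer addresses they list are the candidates for the scope of the File and Printer Sharing exception.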
Re: Connecting to XP sp2 machines by VPN by Leigh

Leigh
Fri May 09 03:25:00 PDT 2008

Hi Bill, here is another log I have just created.
Does this help us?

2008-05-09 11:04:21 OPEN-INBOUND TCP 81.140.65.54 192.168.16.41 27348 1723 -
- - - - - - - -
2008-05-09 11:04:21 DROP UDP 192.168.0.170 255.255.255.255 137 137 96 - - -
- - - - SEND
2008-05-09 11:04:22 DROP UDP 192.168.0.170 255.255.255.255 137 137 96 - - -
- - - - SEND
2008-05-09 11:04:23 DROP UDP 192.168.0.170 255.255.255.255 137 137 96 - - -
- - - - SEND
2008-05-09 11:04:24 DROP UDP 192.168.0.170 255.255.255.255 137 137 96 - - -
- - - - SEND
2008-05-09 11:04:24 DROP UDP 192.168.0.171 255.255.255.255 68 67 328 - - - -
- - - RECEIVE
2008-05-09 11:04:24 DROP UDP 192.168.0.170 255.255.255.255 137 137 96 - - -
- - - - SEND
2008-05-09 11:04:25 DROP UDP 192.168.0.170 255.255.255.255 137 137 96 - - -
- - - - SEND
2008-05-09 11:04:26 DROP UDP 192.168.0.170 255.255.255.255 137 137 96 - - -
- - - - SEND
2008-05-09 11:04:27 DROP UDP 192.168.0.170 255.255.255.255 137 137 96 - - -
- - - - SEND
2008-05-09 11:04:27 DROP UDP 192.168.0.171 255.255.255.255 68 67 328 - - - -
- - - RECEIVE
2008-05-09 11:04:27 DROP UDP 192.168.0.170 255.255.255.255 137 137 96 - - -
- - - - SEND
2008-05-09 11:04:27 DROP UDP 192.168.0.170 255.255.255.255 137 137 96 - - -
- - - - SEND
2008-05-09 11:04:28 DROP UDP 192.168.0.170 255.255.255.255 137 137 96 - - -
- - - - SEND
2008-05-09 11:04:28 DROP UDP 192.168.0.170 255.255.255.255 137 137 96 - - -
- - - - SEND
2008-05-09 11:04:29 DROP UDP 192.168.0.170 255.255.255.255 137 137 96 - - -
- - - - SEND
2008-05-09 11:04:29 DROP UDP 192.168.0.170 255.255.255.255 137 137 96 - - -
- - - - SEND
2008-05-09 11:04:30 DROP UDP 192.168.0.170 255.255.255.255 137 137 96 - - -
- - - - SEND
2008-05-09 11:04:30 DROP UDP 192.168.0.170 255.255.255.255 137 137 96 - - -
- - - - SEND
2008-05-09 11:04:30 DROP UDP 192.168.0.170 255.255.255.255 138 138 209 - - -
- - - - SEND
2008-05-09 11:04:30 DROP UDP 192.168.0.170 255.255.255.255 138 138 245 - - -
- - - - SEND
2008-05-09 11:04:32 DROP UDP 192.168.0.170 255.255.255.255 138 138 209 - - -
- - - - SEND
2008-05-09 11:04:33 DROP UDP 192.168.0.170 255.255.255.255 138 138 209 - - -
- - - - SEND
2008-05-09 11:04:35 DROP UDP 192.168.0.170 255.255.255.255 138 138 209 - - -
- - - - SEND
2008-05-09 11:04:36 DROP UDP 192.168.0.170 255.255.255.255 138 138 221 - - -
- - - - SEND
2008-05-09 11:04:37 DROP UDP 192.168.0.170 255.255.255.255 138 138 221 - - -
- - - - SEND
2008-05-09 11:04:38 DROP UDP 192.168.0.170 255.255.255.255 138 138 221 - - -
- - - - SEND
2008-05-09 11:04:39 DROP UDP 192.168.0.170 255.255.255.255 138 138 221 - - -
- - - - SEND
2008-05-09 11:04:40 DROP UDP 192.168.0.170 255.255.255.255 137 137 96 - - -
- - - - SEND
2008-05-09 11:04:41 DROP UDP 192.168.0.170 255.255.255.255 137 137 96 - - -
- - - - SEND
2008-05-09 11:04:42 DROP UDP 192.168.0.170 255.255.255.255 137 137 96 - - -
- - - - SEND
2008-05-09 11:04:43 DROP UDP 192.168.0.170 255.255.255.255 138 138 202 - - -
- - - - SEND
2008-05-09 11:04:43 DROP UDP 192.168.0.170 255.255.255.255 137 137 78 - - -
- - - - SEND
2008-05-09 11:04:43 DROP UDP 192.168.0.170 255.255.255.255 137 137 96 - - -
- - - - SEND
2008-05-09 11:04:43 DROP UDP 192.168.0.170 255.255.255.255 137 137 78 - - -
- - - - SEND
2008-05-09 11:04:43 DROP UDP 192.168.0.170 255.255.255.255 137 137 96 - - -
- - - - SEND
2008-05-09 11:04:44 DROP UDP 192.168.0.170 255.255.255.255 137 137 78 - - -
- - - - SEND
2008-05-09 11:04:44 DROP UDP 192.168.0.170 255.255.255.255 137 137 96 - - -
- - - - SEND
2008-05-09 11:04:45 DROP UDP 192.168.0.170 255.255.255.255 137 137 96 - - -
- - - - SEND
2008-05-09 11:04:46 DROP UDP 192.168.0.170 255.255.255.255 137 137 96 - - -
- - - - SEND
2008-05-09 11:04:46 DROP UDP 192.168.0.170 255.255.255.255 138 138 209 - - -
- - - - SEND
2008-05-09 11:04:46 DROP UDP 192.168.0.170 255.255.255.255 138 138 209 - - -
- - - - SEND
2008-05-09 11:04:46 DROP UDP 192.168.0.170 255.255.255.255 138 138 239 - - -
- - - - SEND
2008-05-09 11:04:47 DROP UDP 192.168.0.170 255.255.255.255 138 138 202 - - -
- - - - SEND
2008-05-09 11:04:47 DROP UDP 192.168.0.170 255.255.255.255 137 137 78 - - -
- - - - SEND
2008-05-09 11:04:48 DROP UDP 192.168.0.170 255.255.255.255 137 137 78 - - -
- - - - SEND
2008-05-09 11:04:48 DROP TCP 192.168.16.41 192.168.0.171 445 27382 48 SA
2944057071 1540601253 9520 - - - SEND
2008-05-09 11:04:48 OPEN-INBOUND TCP 192.168.0.1 192.168.16.41 27383 139 - -
- - - - - - -
2008-05-09 11:04:48 DROP TCP 192.168.16.41 192.168.0.171 139 27384 48 SA
293628911 1492339613 9520 - - - SEND
2008-05-09 11:04:48 DROP UDP 192.168.0.170 255.255.255.255 137 137 78 - - -
- - - - SEND
2008-05-09 11:04:51 DROP UDP 192.168.0.170 255.255.255.255 138 138 202 - - -
- - - - SEND
2008-05-09 11:04:51 DROP UDP 192.168.0.170 255.255.255.255 137 137 78 - - -
- - - - SEND
2008-05-09 11:04:51 DROP TCP 192.168.16.41 192.168.0.171 445 27382 48 SA
2944057071 1540601253 9520 - - - SEND
2008-05-09 11:04:51 DROP TCP 192.168.16.41 192.168.0.171 139 27384 48 SA
293628911 1492339613 9520 - - - SEND
2008-05-09 11:04:51 DROP TCP 192.168.16.41 192.168.0.171 445 27382 40 A
2944057072 1540601253 9520 - - - SEND
2008-05-09 11:04:51 DROP TCP 192.168.16.41 192.168.0.171 139 27384 40 A
293628912 1492339613 9520 - - - SEND
2008-05-09 11:04:52 DROP UDP 192.168.0.170 255.255.255.255 137 137 78 - - -
- - - - SEND
2008-05-09 11:04:53 DROP UDP 192.168.0.170 255.255.255.255 137 137 78 - - -
- - - - SEND
2008-05-09 11:04:55 DROP UDP 192.168.0.170 255.255.255.255 138 138 211 - - -
- - - - SEND
2008-05-09 11:04:55 DROP UDP 192.168.0.170 255.255.255.255 138 138 202 - - -
- - - - SEND
2008-05-09 11:04:55 DROP UDP 192.168.0.170 255.255.255.255 137 137 78 - - -
- - - - SEND
2008-05-09 11:04:56 DROP UDP 192.168.0.170 255.255.255.255 137 137 78 - - -
- - - - SEND
2008-05-09 11:04:57 DROP UDP 192.168.0.170 255.255.255.255 137 137 78 - - -
- - - - SEND
2008-05-09 11:04:57 DROP TCP 192.168.16.41 192.168.0.171 139 27384 48 SA
293628911 1492339613 9520 - - - SEND
2008-05-09 11:04:57 DROP TCP 192.168.16.41 192.168.0.171 445 27382 48 SA
2944057071 1540601253 9520 - - - SEND
2008-05-09 11:04:57 DROP TCP 192.168.16.41 192.168.0.171 445 27382 40 A
2944057072 1540601253 9520 - - - SEND
2008-05-09 11:04:57 DROP TCP 192.168.16.41 192.168.0.171 139 27384 40 A
293628912 1492339613 9520 - - - SEND
2008-05-09 11:05:00 DROP UDP 192.168.0.170 255.255.255.255 138 138 202 - - -
- - - - SEND
2008-05-09 11:05:00 DROP UDP 192.168.0.170 255.255.255.255 137 137 78 - - -
- - - - SEND
2008-05-09 11:05:00 DROP UDP 192.168.0.170 255.255.255.255 137 137 78 - - -
- - - - SEND
2008-05-09 11:05:01 DROP UDP 192.168.0.170 255.255.255.255 137 137 78 - - -
- - - - SEND
2008-05-09 11:05:04 DROP UDP 192.168.0.170 255.255.255.255 138 138 202 - - -
- - - - SEND
2008-05-09 11:05:04 DROP UDP 192.168.0.170 255.255.255.255 137 137 78 - - -
- - - - SEND
2008-05-09 11:05:05 DROP UDP 192.168.0.170 255.255.255.255 137 137 78 - - -
- - - - SEND
2008-05-09 11:05:05 DROP UDP 192.168.0.170 255.255.255.255 137 137 78 - - -
- - - - SEND
2008-05-09 11:05:08 DROP UDP 192.168.0.170 255.255.255.255 138 138 211 - - -
- - - - SEND
2008-05-09 11:05:08 DROP UDP 192.168.0.170 255.255.255.255 138 138 202 - - -
- - - - SEND
2008-05-09 11:05:08 DROP UDP 192.168.0.170 255.255.255.255 137 137 78 - - -
- - - - SEND
2008-05-09 11:05:09 DROP UDP 192.168.0.170 255.255.255.255 137 137 78 - - -
- - - - SEND
2008-05-09 11:05:09 CLOSE TCP 192.168.16.41 192.168.0.1 139 27383 - - - - -
- - - -
2008-05-09 11:05:09 DROP TCP 192.168.0.171 192.168.16.41 27389 80 48 S
2642745237 0 65535 - - - RECEIVE
2008-05-09 11:05:10 DROP UDP 192.168.0.170 255.255.255.255 137 137 78 - - -
- - - - SEND
2008-05-09 11:05:11 DROP UDP 192.168.16.41 239.255.255.250 1088 1900 161 - -
- - - - - RECEIVE
2008-05-09 11:05:12 OPEN TCP 192.168.16.41 192.168.16.254 1091 49153 - - - -
- - - - -
2008-05-09 11:05:12 CLOSE TCP 192.168.16.41 192.168.16.254 1091 49153 - - -
- - - - - -
2008-05-09 11:05:12 OPEN TCP 192.168.16.41 192.168.16.254 1092 49152 - - - -
- - - - -
2008-05-09 11:05:12 DROP UDP 192.168.0.170 255.255.255.255 138 138 202 - - -
- - - - SEND
2008-05-09 11:05:12 DROP UDP 192.168.0.170 255.255.255.255 137 137 78 - - -
- - - - SEND
2008-05-09 11:05:12 DROP TCP 192.168.0.171 192.168.16.41 27389 80 48 S
2642745237 0 65535 - - - RECEIVE
2008-05-09 11:05:13 CLOSE TCP 192.168.16.41 192.168.16.254 1092 49152 - - -
- - - - - -
2008-05-09 11:05:13 OPEN TCP 192.168.16.41 192.168.16.254 1094 49152 - - - -
- - - - -
2008-05-09 11:05:13 DROP UDP 192.168.0.170 255.255.255.255 137 137 78 - - -
- - - - SEND
2008-05-09 11:05:13 CLOSE TCP 192.168.16.41 213.171.216.66 1080 110 - - - -
- - - - -
2008-05-09 11:05:14 CLOSE TCP 192.168.16.41 192.168.16.254 1094 49152 - - -
- - - - - -
2008-05-09 11:05:14 DROP UDP 192.168.16.41 239.255.255.250 1088 1900 161 - -
- - - - - RECEIVE
2008-05-09 11:05:14 DROP UDP 192.168.0.170 255.255.255.255 137 137 78 - - -
- - - - SEND
2008-05-09 11:05:17 DROP UDP 192.168.0.170 255.255.255.255 138 138 202 - - -
- - - - SEND
2008-05-09 11:05:17 DROP UDP 192.168.0.170 255.255.255.255 137 137 78 - - -
- - - - SEND
2008-05-09 11:05:17 DROP UDP 192.168.16.41 239.255.255.250 1088 1900 161 - -
- - - - - RECEIVE
2008-05-09 11:05:17 DROP UDP 192.168.0.170 255.255.255.255 137 137 78 - - -
- - - - SEND
2008-05-09 11:05:18 DROP UDP 192.168.0.170 255.255.255.255 137 137 78 - - -
- - - - SEND
2008-05-09 11:05:19 DROP TCP 192.168.0.171 192.168.16.41 27389 80 48 S
2642745237 0 65535 - - - RECEIVE
2008-05-09 11:05:21 DROP UDP 192.168.0.170 255.255.255.255 138 138 211 - - -
- - - - SEND
2008-05-09 11:05:46 DROP UDP 192.168.0.170 255.255.255.255 138 138 239 - - -
- - - - SEND
2008-05-09 11:05:49 OPEN UDP 192.168.16.41 195.26.36.3 1095 53 - - - - - - -
- -
2008-05-09 11:05:49 CLOSE TCP 192.168.16.41 81.140.65.54 1723 27348 - - - -
- - - - -


Re: Connecting to XP sp2 machines by VPN by Jim

Jim
Fri May 09 05:01:06 PDT 2008

I think I have seen this before. You probably need to add other
networks to allow foreign IPs in. Here is my long story from a few
years ago. I hope it is relevant.
http://msmvps.com/blogs/bgb/archive/2006/05/16/95140.aspx

>> the SBS server and the XP workstation would have bypassed the firewall.
>>
>> Here's what I think I would do to try to troubleshoot this:
>>
>> Arrange to be able to connect to one of the XP workstations via Remote
>> Desktop. Open Remote Desktop through the Windows firewall on that XP
>> machine.
>>
>> You may find that when the VPN tunnel connects, you lose the RDP connection,
>> unfortunately--if that's the case, I'm not sure how to work around it.
>>
>> http://support.microsoft.com/kb/875357
>>
>> is the article I would use to guide your troubleshooting. However, I think
>> you
>> could save some time if you can find as much information about this
>> "inherited software" as possible--particularly--what executables, if any,
>> are involved on the XP end, and what ports and protocols.
>>
>> One thought is to open file and printer sharing through the firewall, which
>> is a simple checkbox--if that is not already enabled. Another would be to
>> modify the scope of that sharing to include not just the local (in-store)
>> network, but also the IP address of the SBS 2003 server end of the VPN
>> tunnel.
>>
>> The firewall on the XP end can be configured to log dropped packets. I'd
>> suggest enabling this logging, and attempting a connection, and then
>> inspecting the log to see what's happening. That should give you clues
>> about what needs to be allowed through.
>>
>>
>>
>> "Leigh" <Leigh@discussions.microsoft.com> wrote in message
>> news:B3009467-6D21-4EC4-99C8-BAC6AD48A285@microsoft.com...
>> >I have Win 2003SBS and several Win XP sp2 standalone remote machines.
>> > I need to collect simple files from the XP machines using the 2003SBS and
>> > the internet on a daily basis.
>> > I have set XP machines as VPN servers
>> > I can connect to these machines from the 2003SBS by VPN no problem
>> >
>> > My problem is this.
>> >
>> > When I try to map a drive in 2003SBS to the shared folder on the XP
>> > machine
>> > I am unable to do so except when the Windows firewall is switched off on
>> > the
>> > XP machine.
>> > When the XP firewall is off every thing works fine.
>> > What do I have to do to the firewall to allow access to the shared folder,
>> > because I would rather not leave the firewall turned off permanently.
>> >
>> > Thanks for any help
>> >
>>
See what SBS support is working on
http://blogs.technet.com/sbs/default.aspx
Check your SBS with the SBS Best Practices Analyzer
http://blogs.technet.com/sbs/archive/tags/BPA/default.aspx

Re: Connecting to XP sp2 machines by VPN by Leigh

Leigh
Fri May 09 06:19:01 PDT 2008

Hi Jim

Thanks for your input. I found both articles very interesting. However, I
have no idea what values to put into the scope parameters. That being so, I
opted to use * as the easy no-brain "everything allowed". But next problem:
which port to modify???

Is this the same as changing the scope in the firewall setup for Print and
file sharing? If so, I already plumped for the "Any computer (including those
on the internet)".

I have no idea which parts of the connections the firewall is blocking. I
have looked at the firewall log and googled the ports that have DROP in the
dialogue. That has scared me to death. PORTS 445 138 139 68 67 13518 13504
13502 13503 13477. Whatever happened to good old "you only need 1723"? I don't
have a clue what all the other ports are or if the word DROP indicates them
causing my problem (please see previous posts). Any guidance here gratefully
received.

Incidentally, the software I am using makes no difference to my problem. If I
connect by VPN manually from SBS2003 into XPsp2 I cannot see shared folders
unless I switch off the firewall :-(

"Jim Behning SBS MVP" wrote:

> I think I have seen this before. You probably need to add other
> networks to allow foreign ips in. Here is my long story from a few
> years ago. I hope it is relevant.
> http://msmvps.com/blogs/bgb/archive/2006/05/16/95140.aspx
>
> On Fri, 9 May 2008 02:25:01 -0700, Leigh
> <Leigh@discussions.microsoft.com> wrote:
>
> >Hello Bill
> >
> >I have allowed the print and file sharing to be accessed by any computer
> >(including those on the internet) previously and still no luck!!
> >I also created a log file "pfirewall" previously which I have copied into
> >here. Unfortunately it doesn't fit very well and looks a mess in this post.
> >Perhaps you can cast your eye over it and make some observations that may
> >help, as I do not really understand all the information contained.
> >
> >81.140.65.54 is the SBS external static. 192.168.16.41 is the XP internal
> >fixed IP. 192.168.0.1 is the internal SBS IP.
> >I can see a lot of DROPs in the log which seem to involve TCP and UDP ports.
> >
> >In all the research I have done I understood I only need to make sure to
> >open port 1723, so what are all the others? Are they to do with the VPN
> >connection I am trying to make, and do I need to open them?
> >I don't want to open them if that will cause me other problems. Can you advise?
> >
> >Thanks for your help
> >
> >2008-04-25 14:15:42 OPEN-INBOUND TCP 81.140.65.54 192.168.16.41 13477 1723 -
> >- - - - - - - -
> >2008-04-25 14:15:46 DROP UDP 192.168.0.174 255.255.255.255 68 67 328 - - - -
> >- - - RECEIVE
> >2008-04-25 14:15:50 DROP UDP 192.168.0.174 255.255.255.255 68 67 328 - - - -
> >- - - RECEIVE
> >2008-04-25 14:16:03 DROP TCP 192.168.16.41 192.168.0.174 445 13502 48 SA
> >3084194260 1133350834 9520 - - - SEND
> >2008-04-25 14:16:03 DROP TCP 192.168.0.1 192.168.16.41 13503 139 48 S
> >804954720 0 65535 - - - RECEIVE
> >2008-04-25 14:16:03 DROP TCP 192.168.16.41 192.168.0.174 139 13504 48 SA
> >369768440 2327057425 9520 - - - SEND
> >2008-04-25 14:16:06 DROP TCP 192.168.16.41 192.168.0.174 445 13502 48 SA
> >3084194260 1133350834 9520 - - - SEND
> >2008-04-25 14:16:06 DROP TCP 192.168.16.41 192.168.0.174 139 13504 48 SA
> >369768440 2327057425 9520 - - - SEND
> >2008-04-25 14:16:06 DROP TCP 192.168.0.1 192.168.16.41 13503 139 48 S
> >804954720 0 65535 - - - RECEIVE
> >2008-04-25 14:16:06 DROP TCP 192.168.16.41 192.168.0.174 445 1350240 A
> >3084194261 1133350834 9520 - - - SEND
> >2008-04-25 14:16:06 DROP TCP 192.168.16.41 192.168.0.174 139 13504 40 A
> >369768441 2327057425 9520 - - - SEND
> >2008-04-25 14:16:12 DROP TCP 192.168.16.41 192.168.0.174 139 13504 48 SA
> >369768440 2327057425 9520 - - - SEND
> >2008-04-25 14:16:12 DROP TCP 192.168.16.41 192.168.0.174 445 13502 48 SA
> >3084194260 1133350834 9520 - - - SEND
> >2008-04-25 14:16:12 DROP TCP 192.168.0.1 192.168.16.41 13503 139 48 S
> >804954720 0 65535 - - - RECEIVE
> >2008-04-25 14:16:12 DROP TCP 192.168.16.41 192.168.0.174 445 13502 40 A
> >3084194261 1133350834 9520 - - - SEND
> >2008-04-25 14:16:12 DROP TCP 192.168.16.41 192.168.0.174 139 13504 40 A
> >369768441 2327057425 9520 - - - SEND
> >2008-04-25 14:16:22 DROP UDP 192.168.0.170 255.255.255.255 138 138 239 - - -
> >- - - - SEND
> >2008-04-25 14:16:24 DROP TCP 192.168.0.174 192.168.16.41 13518 80 48 S
> >1701259848 0 65535 - - - RECEIVE
> >2008-04-25 14:16:27 DROP TCP 192.168.0.174 192.168.16.41 13518 80 48 S
> >1701259848 0 65535 - - - RECEIVE
> >2008-04-25 14:16:33 DROP TCP 192.168.0.174 192.168.16.41 13518 80 48 S
> >1701259848 0 65535 - - - RECEIVE
> >
> >
> >"Bill Sanderson" wrote:
> >
> >> I'm surprised at this result. I'd have thought that the VPN tunnel between
> >> the SBS server and the XP workstation would have bypassed the firewall.
> >>
> >> Here's what I think I would do to try to troubleshoot this:
> >>
> >> Arrange to be able to connect to one of the XP workstations via Remote
> >> Desktop. Open Remote Desktop through the Windows firewall on that XP
> >> machine.
> >>
> >> You may find that when the VPN tunnel connects, you lose the RDP connection,
> >> unfortunately--if that's the case, I'm not sure how to work around it.
> >>
> >> http://support.microsoft.com/kb/875357
> >>
> >> is the article I would use to guide your troubleshooting. However, I think
> >> you
> >> could save some time if you can find as much information about this
> >> "inherited software" as possible--particularly--what executables, if any,
> >> are involved on the XP end, and what ports and protocols.
> >>
> >> One thought is to open file and printer sharing through the firewall, which
> >> is a simple checkbox--if that is not already enabled. Another would be to
> >> modify the scope of that sharing to include not just the local (in-store)
> >> network, but also the IP address of the SBS 2003 server end of the VPN
> >> tunnel.
> >>
> >> The firewall on the XP end can be configured to log dropped packets. I'd
> >> suggest enabling this logging, and attempting a connection, and then
> >> inspecting the log to see what's happening. That should give you clues
> >> about what needs to be allowed through.
> >>
> >>
> >>
> >> "Leigh" <Leigh@discussions.microsoft.com> wrote in message
> >> news:B3009467-6D21-4EC4-99C8-BAC6AD48A285@microsoft.com...
> >> >I have Win 2003SBS and several Win XP sp2 standalone remote machines.
> >> > I need to collect simple files from the XP machines using the 2003SBS and
> >> > the internet on a daily basis.
> >> > I have set XP machines as VPN servers
> >> > I can connect to these machines from the 2003SBS by VPN no problem
> >> >
> >> > My problem is this.
> >> >
> >> > When I try to map a drive in 2003SBS to the shared folder on the XP
> >> > machine
> >> > I am unable to do so except when the Windows firewall is switched off on
> >> > the
> >> > XP machine.
> >> > When the XP firewall is off every thing works fine.
> >> > What do I have to do to the firewall to allow access to the shared folder,
> >> > because I would rather not leave the firewall turned off permanently.
> >> >
> >> > Thanks for any help
> >> >
> >>
> See what SBS support is working on
> http://blogs.technet.com/sbs/default.aspx
> Check your SBS with the SBS Best Practices Analyzer
> http://blogs.technet.com/sbs/archive/tags/BPA/default.aspx
>
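
Added example, not part of any post in this thread: the dropped-packet log quoted above is hard to read because each record was wrapped onto two lines when it was pasted. This sketch rejoins records copied from the post, splits them using the column order of the XP SP2 pfirewall.log `#Fields:` header, and groups the DROP entries by direction, protocol and well-known service; the function names and the `SERVICES` table are assumptions made for the example.

```python
import re
from collections import Counter

# Column order of the "#Fields:" header in an XP SP2 pfirewall.log ("-" written as "_").
FIELDS = ("date time action protocol src_ip dst_ip src_port dst_port size "
          "tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path").split()
# Well-known ports seen in the thread (assumed table); others count as ephemeral.
SERVICES = {67: "DHCP", 68: "DHCP", 80: "HTTP", 138: "NetBIOS datagram",
            139: "NetBIOS session", 445: "SMB", 1723: "PPTP control"}

# Records copied from the post above, quote markers and wrapping as posted.
POSTED = """\
>2008-04-25 14:15:42 OPEN-INBOUND TCP 81.140.65.54 192.168.16.41 13477 1723 -
>- - - - - - - -
>2008-04-25 14:15:46 DROP UDP 192.168.0.174 255.255.255.255 68 67 328 - - - -
>- - - RECEIVE
>2008-04-25 14:16:03 DROP TCP 192.168.16.41 192.168.0.174 445 13502 48 SA
>3084194260 1133350834 9520 - - - SEND
>2008-04-25 14:16:03 DROP TCP 192.168.0.1 192.168.16.41 13503 139 48 S
>804954720 0 65535 - - - RECEIVE
>2008-04-25 14:16:06 DROP TCP 192.168.16.41 192.168.0.174 445 1350240 A
>3084194261 1133350834 9520 - - - SEND
>2008-04-25 14:16:24 DROP TCP 192.168.0.174 192.168.16.41 13518 80 48 S
>1701259848 0 65535 - - - RECEIVE
"""

def rejoin(text):
    """Strip '>' quote markers and glue wrapped halves back into records."""
    records = []
    for line in text.splitlines():
        line = re.sub(r"^[>\s]+", "", line).strip()
        if re.match(r"\d{4}-\d{2}-\d{2} ", line):
            records.append(line)          # a date starts a new record
        elif line and records:
            records[-1] += " " + line     # continuation of the previous one
    return records

def summarize(text):
    """Count DROP records per (path, protocol, service); collect damaged ones."""
    drops, damaged = Counter(), []
    for record in rejoin(text):
        parts = record.split()
        if len(parts) != len(FIELDS):     # e.g. two columns fused in the post
            damaged.append(record)
            continue
        row = dict(zip(FIELDS, parts))
        if row["action"] == "DROP":
            ports = [int(row["src_port"]), int(row["dst_port"])]
            name = next((SERVICES[p] for p in ports if p in SERVICES), "other")
            drops[(row["path"], row["protocol"], name)] += 1
    return drops, damaged

if __name__ == "__main__":
    print(*summarize(POSTED), sep="\n")
```

The five-digit ports in the log (13502, 13503, 13518 and so on) are the connecting machine's ephemeral ports, so each record is grouped under the well-known port at the other end of the connection.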

Re: Connecting to XP sp2 machines by VPN by Jim

Jim
Sun May 11 14:34:18 PDT 2008

No thinking cap on today. We have had issues with Trend's PCCillin
firewall. I did call them once when I could not get the right click to
get the vpn to work properly.

You might want to do a google search on the port numbers. One or two
of those are netbios ports.

That article of mine is poorly formatted right now. I guess the format
was goofed up with various blog updates. Send me an email if you want
me to copy and paste the whole article. It appears in my browser to be
missing some words. You just delete the stuff between the @ and the m
of mindspring.

On Fri, 9 May 2008 06:19:01 -0700, Leigh
<Leigh@discussions.microsoft.com> wrote:

>Hi Jim
>
>Thanks for your input. I found both articles very interesting. However, I
>have no idea what values to put into the scope parameters. That being so, I
>opted to use * as the easy no-brain "everything allowed". But next problem:
>which port to modify???
>
>Is this the same as changing the scope in the firewall setup for Print and
>file sharing? If so, I already plumped for the "Any computer (including those
>on the internet)".
>
>I have no idea which parts of the connections the firewall is blocking. I
>have looked at the firewall log and googled the ports that have DROP in the
>dialogue. That has scared me to death. PORTS 445 138 139 68 67 13518 13504
>13502 13503 13477. Whatever happened to good old "you only need 1723"? I don't
>have a clue what all the other ports are or if the word DROP indicates them
>causing my problem (please see previous posts). Any guidance here gratefully
>received.
>
>Incidentally, the software I am using makes no difference to my problem. If I
>connect by VPN manually from SBS2003 into XPsp2 I cannot see shared folders
>unless I switch off the firewall :-(
>
>"Jim Behning SBS MVP" wrote:
>
>> I think I have seen this before. You probably need to add other
>> networks to allow foreign ips in. Here is my long story from a few
>> years ago. I hope it is relevant.
>> http://msmvps.com/blogs/bgb/archive/2006/05/16/95140.aspx
>>
>> On Fri, 9 May 2008 02:25:01 -0700, Leigh
>> <Leigh@discussions.microsoft.com> wrote:
>>
>> >Hello Bill
>> >
>> >I have allowed the print and file sharing to be accessed by any computer
>> >(including those on the internet) previously and still no luck!!
>> >I also created a log file "pfirewall" previously which I have copied into
>> >here. Unfortunately it doesn't fit very well and looks a mess in this post.
>> >Perhaps you can cast your eye over it and make some observations that may
>> >help, as I do not really understand all the information contained.
>> >
>> >81.140.65.54 is the SBS external static. 192.168.16.41 is the XP internal
>> >fixed IP. 192.168.0.1 is the internal SBS IP.
>> >I can see a lot of DROPs in the log which seem to involve TCP and UDP ports.
>> >
>> >In all the research I have done I understood I only need to make sure to
>> >open port 1723, so what are all the others? Are they to do with the VPN
>> >connection I am trying to make, and do I need to open them?
>> >I don't want to open them if that will cause me other problems. Can you advise?
>> >
>> >Thanks for your help
>> >
>> >2008-04-25 14:15:42 OPEN-INBOUND TCP 81.140.65.54 192.168.16.41 13477 1723 -
>> >- - - - - - - -
>> >2008-04-25 14:15:46 DROP UDP 192.168.0.174 255.255.255.255 68 67 328 - - - -
>> >- - - RECEIVE
>> >2008-04-25 14:15:50 DROP UDP 192.168.0.174 255.255.255.255 68 67 328 - - - -
>> >- - - RECEIVE
>> >2008-04-25 14:16:03 DROP TCP 192.168.16.41 192.168.0.174 445 13502 48 SA
>> >3084194260 1133350834 9520 - - - SEND
>> >2008-04-25 14:16:03 DROP TCP 192.168.0.1 192.168.16.41 13503 139 48 S
>> >804954720 0 65535 - - - RECEIVE
>> >2008-04-25 14:16:03 DROP TCP 192.168.16.41 192.168.0.174 139 13504 48 SA
>> >369768440 2327057425 9520 - - - SEND
>> >2008-04-25 14:16:06 DROP TCP 192.168.16.41 192.168.0.174 445 13502 48 SA
>> >3084194260 1133350834 9520 - - - SEND
>> >2008-04-25 14:16:06 DROP TCP 192.168.16.41 192.168.0.174 139 13504 48 SA
>> >369768440 2327057425 9520 - - - SEND
>> >2008-04-25 14:16:06 DROP TCP 192.168.0.1 192.168.16.41 13503 139 48 S
>> >804954720 0 65535 - - - RECEIVE
>> >2008-04-25 14:16:06 DROP TCP 192.