PPTP VPN WINDOWS XP pro SP2

Hi,

I am trying to make a connection by Windows VPN (pptp) thru the new FireWall
from sp2 of XP from my home to the server on my work.

Fact:
When disabling the FW: all =OK

When enabling the FW and adding the 1723 TCP port it will not pass the
Username/password screen.

How do I configure the FW?

Thanks,

Regards,

Michel.
 
mheuvelm said:
Hi,

I am trying to make a connection by Windows VPN (pptp) thru the new FireWall
from sp2 of XP from my home to the server on my work.

Fact:
When disabling the FW: all =OK

When enabling the FW and adding the 1723 TCP port it will not pass the
Username/password screen.

How do I configure the FW?
Hi

Troubleshooting Windows Firewall settings in Windows XP Service Pack 2
http://support.microsoft.com/default.aspx?kbid=875357

and

Description of the Windows Firewall feature in Windows XP
Service Pack 2
http://support.microsoft.com/default.aspx?kbid=843090

Understanding Windows Firewall/Introduction
http://www.microsoft.com/windowsxp/using/security/internet/sp2_wfintro.mspx
 
mheuvelm said:
Hi,

I am trying to make a connection by Windows VPN (pptp) thru the new FireWall
from sp2 of XP from my home to the server on my work.

Fact:
When disabling the FW: all =OK

When enabling the FW and adding the 1723 TCP port it will not pass the
Username/password screen.

How do I configure the FW?

Thanks,

Regards,

Michel.

I am having the same problem. This has been an ongoing problem. Take a
look in the microsoft.public.windows.networking.firewall newsgroup for
more discussion. The thread is titled "VPN Fails After XP SP2."
 
Strange! When editing the registry I came to a strange …

When changing the value on:

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"
"1723:TCP"="1723:TCP:*:Enabled:PPTP"

change "1723:TCP"="1723:TCP:*:Enabled:PPTP"

to "1724:TCP"="1724:TCP:*:Enabled:PPTP"

and back to the correct setting "1723:TCP"="1723:TCP:*:Enabled:PPTP"

Doing this and I can connect 1 time only, changing again each time, and I
connect only 1 time?

Anybody have a suggestion? If you ask me nobody at MS tested this FW using
PPTP….?

Michel.
 
mheuvelm said:
Anybody have a suggestion? If you ask me nobody at MS tested this FW using
PPTP….?

The problem I see is different. I have 1723:TCP open, but I still cannot
connect. There are no other firewalls or routers involved. As soon as I
turn off ICF, it works fine. The really odd part is that if I try to
connect, press the cancel button while it is trying to connect, and then
try to connect again, it works every time.
 
Doesn't work for me...? Why?



Jerry Baker said:
The problem I see is different. I have 1723:TCP open, but I still cannot
connect. There are no other firewalls or routers involved. As soon as I
turn off ICF, it works fine. The really odd part is that if I try to
connect, press the cancel button while it is trying to connect, and then
try to connect again, it works every time.
 
I use Cisco VPN software for a range of customers. After installing SP2 it
failed to connect.
All I did was review the properties on the connection I use. It says
connected, Firewalled.
Select Advanced -> settings -> Exceptions and then choose add program.
I then browse for the executable to run the Cisco VPN (ipsecdialer) and add
it.

Presto! connections all back!
 
Hi,

I may have the answer for you. I was having the following problem with the
PPTP VPN client in SP2: I was able to connect to my office, which has a PPTP
server; I was able to use HTTP, SMTP, FTP and other protocols in the tunnel.
However I was unable to map a drive and access the remote file system. If I
turned FW off for that connection, everything worked fine.

After doing some research, I finally figured out, by turning the FW Log ON,
that it was rejecting the NetBios Name Service UDP port (137) replies coming
from the remote. Looking in the FW configuration->Exception->File and Print
Sharing, I noticed that the port 137 scope was set to "subnet only". Well, in
my setup, the subnet at the server side is 192.168.3.0/24 and the subnet at
the client side is 192.168.5.0/24, i.e., different and therefore not within
the "subnet scope". All I did was to change the scope to "any" and everything
worked OK even with FW on.

I did not have to set any exception for port 1723 (PPTP TCP port). It is by
default unblocked.

Hope it will work for you.
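
The scope mismatch described in the post above, as an added example that is not part of the thread: it parses entries in the GloballyOpenPorts\List format quoted earlier and reports which enabled exceptions still drop traffic from a peer outside the local subnet. The server address 192.168.3.10, the function names and the custom-list scope syntax are assumptions made for illustration.

```python
import ipaddress

# Constructed sample in the GloballyOpenPorts\List format quoted in the thread.
SAMPLE = '''
"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"1723:TCP"="1723:TCP:*:Enabled:PPTP"
'''

def parse_entry(line):
    """Split one exported value line into port, protocol, scope, status, label."""
    value = line.strip().partition("=")[2].strip('"')
    port, proto, scope, status, label = value.split(":", 4)
    return {"port": int(port), "proto": proto, "scope": scope,
            "enabled": status == "Enabled", "label": label}

def scope_allows(scope, peer, local_net):
    """True if a packet from `peer` falls inside the entry's scope."""
    addr = ipaddress.ip_address(peer)
    if scope == "*":
        return True
    if scope == "LocalSubNet":
        return addr in ipaddress.ip_network(local_net)
    # Assumption: any other scope is a comma-separated list of addresses
    # or address/mask subnets (the "custom list" form).
    return any(addr in ipaddress.ip_network(item.strip(), strict=False)
               for item in scope.split(","))

def dropped_for_peer(text, peer, local_net):
    """Enabled exceptions that would still drop traffic from `peer`."""
    dropped = []
    for line in text.splitlines():
        if "=" not in line:
            continue
        e = parse_entry(line)
        if e["enabled"] and not scope_allows(e["scope"], peer, local_net):
            dropped.append((e["port"], e["proto"], e["scope"]))
    return dropped

if __name__ == "__main__":
    # Subnets from the post; 192.168.3.10 is a constructed server address.
    for hit in dropped_for_peer(SAMPLE, "192.168.3.10", "192.168.5.0/24"):
        print("dropped:", hit)
    # Narrower alternative to scope "*": list only the office subnet.
    custom = "192.168.3.0/255.255.255.0"
    print(scope_allows(custom, "192.168.3.10", "192.168.5.0/24"))
    print(scope_allows(custom, "203.0.113.7", "192.168.5.0/24"))
```

A custom scope limited to the office subnet admits the file-server replies without opening ports 137 and 445 to every network, which is what scope "any" does.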
 