VPN and Windows Firewall

Leigh

Hi, I have set up a WinXP SP2 standalone PC as a VPN server to accept incoming
VPN calls.
I have set port forwarding on the router for port 1723.
I can connect to the computer with a VPN connection easily from any computer.
When I try to map a network drive to the shared folder on the XP computer I
can only do this when the Windows Firewall is switched off.
If the firewall is on I can only connect to the PC and not browse it.
Can somebody please tell me why Windows Firewall is shoving a spanner in the
works and how to stop it, because I don't want to leave it turned off.
Thank you
 
Leigh

Hi DG

I have found there was already an exception on the firewall for file and
print sharing. However, on closer inspection I found I needed to change this
to allow the internet to share.

So I have an XP SP2 standalone set up as VPN server which will not let me
map drives to shared folders on it unless I turn off its firewall.

This dictates that it must be something to do with the Windows Firewall and
I can see exceptions for file and print sharing: yes.
In the Advanced tab on the Local Area Connection I can see exceptions for
Incoming Connection VPN (L2TP) and Incoming Connection VPN (PPTP) and IP
Security (IKE), all ticked as enabled.

Any more suggestions please?
 
Leigh

Am I asking this question in the right place???

I can't believe nobody has any suggestions.

I'm sorry if the question is a little basic, but we all have to start
somewhere.

Any help

Please
 
Leigh

I forgot to say that setting the print and file sharing made no difference at
all !!
 
Dave Eckel

Leigh,

Your description matched my issue exactly (could map drives over site-to-site VPN only if XP firewalls turned off.) I believe I have a solution for you if you still need it.

At firewall exceptions look at 'File and Printer Sharing.' If you change the scope of TCP port 139 to "anyone" it's equivalent for this purpose to dropping the firewall. If you specify a "custom" list you can permit just the specific PC you want to have access or you can let an entire subnet through (e.g. 192.168.2.1/255.255.255.0 permits anyone in 192.168.2.nnn). This has to happen at both the local and the remote PC, and for that matter on each of the remote PCs you want to be able to browse and map.

I did find that there can be a time delay or inconsistency in the firewall implementing the settings changes, though that could have been a VPN thing. At times net view \\[IP address] would work while net view /domain:[workgroupname] would fail, but I think that was a fluke.

Good luck! ...Dave
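
The scope change described in the answer above can also be made from the command line with the `netsh firewall` context that ships with XP SP2. This is an added example, not part of the original post; the address range is the one quoted in the answer and is an assumption about your network, so replace it with the range your VPN clients or remote site actually use.

```batch
@echo off
rem Added example (not from the thread). Run from an administrator command
rem prompt on each Windows XP SP2 PC whose shares must be reachable over
rem the VPN.

rem ALLOWED is an assumption: the range quoted in the answer above.
rem Several entries can be given as a comma-separated list, and the keyword
rem LocalSubnet can be included to keep access for the local LAN.
set ALLOWED=192.168.2.1/255.255.255.0

rem Show the built-in service exceptions before changing anything.
netsh firewall show service

rem Weak setting, left commented out on purpose: scope=ALL lets any host
rem that can reach this PC connect to file sharing, which for this purpose
rem is the same as dropping the firewall.
rem netsh firewall set service type=FILEANDPRINT mode=ENABLE scope=ALL

rem Restricted setting: only the listed range may reach the File and
rem Printer Sharing ports (TCP 139 and 445, UDP 137 and 138).
netsh firewall set service type=FILEANDPRINT mode=ENABLE scope=CUSTOM addresses=%ALLOWED%

rem Print the resulting configuration so the new scope can be checked.
netsh firewall show service
netsh firewall show config
```

To limit only TCP port 139, as the answer mentions, `netsh firewall set portopening` accepts the same `scope=` and `addresses=` parameters for a single protocol and port.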
 
