XPSP2 Firewall & PPTP VPN

[altMann]

I have set up a remote VPN server and confirmed that it will accept
connections however when I try to connect from any XPSP2 machine that
has Windows Firewall enabled the connection attempt hangs on
'connecting' and will eventually timeout.

TCP Port 1723 is included in the firewall exclusion list and I can see
the connections being made in the firewall log however the incoming
packets are being dropped.

OPEN TCP <ClientMachine> <ServerMachine> 1790 1723 - - - - - - - - -
DROP TCP <ServerMachine> <ClientMachine> 1723 1777 56 AP 141584128
2104631169 16404 - - - RECEIVE
DROP TCP <ServerMachine> <ClientMachine> 1723 1777 56 AP 141584128
2104631169 16404 - - - RECEIVE
DROP TCP <ServerMachine> <ClientMachine> 1723 1777 56 AP 141584128
2104631169 16404 - - - RECEIVE
DROP TCP <ServerMachine> <ClientMachine> 1723 1777 56 AP 141584128
2104631169 16404 - - - RECEIVE
DROP TCP <ServerMachine> <ClientMachine> 1723 1777 56 AP 141584128
2104631169 16404 - - - RECEIVE
DROP TCP <ServerMachine> <ClientMachine> 1723 1777 56 AP 141584128
2104631169 16404 - - - RECEIVE

Again, disabling the firewall sees a successful connection.

Any relevant help most welcome.

Thanks.

 

[Robert L [MS-MVP]]

what's the error code? assumng you receive error 721 or 800, you may have a GRE issue. check this page for the details. http://www.chicagotech.net/VPN process.htm

Don't send e-mail or reply to me except you need consulting services. Posting on MS newsgroup will benefit all readers and you may get more help.

Bob Lin, MS-MVP, MCSE & CNE
How to Setup Windows, Network, Remote Access on http://www.HowToNetworking.com
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
This posting is provided "AS IS" with no warranties.
I recommend Brinkster for web hosting!

I have set up a remote VPN server and confirmed that it will accept
connections however when I try to connect from any XPSP2 machine that
has Windows Firewall enabled the connection attempt hangs on
'connecting' and will eventually timeout.

TCP Port 1723 is included in the firewall exclusion list and I can see
the connections being made in the firewall log however the incoming
packets are being dropped.

OPEN TCP <ClientMachine> <ServerMachine> 1790 1723 - - - - - - - - -
DROP TCP <ServerMachine> <ClientMachine> 1723 1777 56 AP 141584128
2104631169 16404 - - - RECEIVE
DROP TCP <ServerMachine> <ClientMachine> 1723 1777 56 AP 141584128
2104631169 16404 - - - RECEIVE
DROP TCP <ServerMachine> <ClientMachine> 1723 1777 56 AP 141584128
2104631169 16404 - - - RECEIVE
DROP TCP <ServerMachine> <ClientMachine> 1723 1777 56 AP 141584128
2104631169 16404 - - - RECEIVE
DROP TCP <ServerMachine> <ClientMachine> 1723 1777 56 AP 141584128
2104631169 16404 - - - RECEIVE
DROP TCP <ServerMachine> <ClientMachine> 1723 1777 56 AP 141584128
2104631169 16404 - - - RECEIVE

Again, disabling the firewall sees a successful connection.

Any relevant help most welcome.

Thanks.

 

[altMann]

Sorry Bob, unfortunatly the link you provided is a poor attempt at
self advertising (which is actually rather funny/crap).

Did you not see the packets being dropped in the attached log?

 

[altMann]

I've tried this on several machines now, some of which do not require
1723 to be added to the XP firewall exception list for the VPN to make
a successfull connection, others will not make a connection with the
firewall enabled even though there is an exception for 1723.

Are there any known problems with Windows patch versions and XP
firewall?