Hi, this documentation is from the Windows 2000 Server Networking Manual, it should help you. You will find all ports and Protocol Types you need to configure your router.

Christian

Add PPTP filters
- Select the PPTP interface
- Set PPTP input filters
- Set PPTP output filters

To select the PPTP interface
1. Open Routing and Remote Access.
2. In the console tree, click General.
   Where?
     Routing and Remote Access
       server name
         IP Routing
           General
3. In the details pane, right-click the interface on which you want to enable PPTP filtering, and then click Properties.

Notes
- To open Routing and Remote Access, click Start, point to Programs, point to Administrative Tools, and then click Routing and Remote Access.
- All six filters work together to complete PPTP filtering. The PPTP filtering is not secure unless all six filters are set correctly.
- If the six filters are the only filters configured, then the only traffic that is allowed in and out of the interface is PPTP traffic to and from the PPTP server and PPTP client on the computer running Windows 2000 Server.

To set PPTP input filters
To set PPTP input filters, you must configure up to three input filters and select the appropriate filter action.

To add the first input filter
1. On the General tab, click Input Filters.
2. In the Input Filters dialog box, click Add.
3. In the Add IP Filter dialog box, select the Destination network check box.
4. In IP Address, type the IP address of the interface, and in Subnet mask, type 255.255.255.255.
5. In Protocol, click Other.
6. In Protocol name, type 47, and then click OK.

To add the second input filter
1. In the Input Filters dialog box, click Add.
2. In the Add IP Filter dialog box, select the Destination network check box.
3. In IP Address, type the IP address of the interface, and in Subnet mask, type 255.255.255.255.
4. In Protocol, click TCP.
5. In Source port, type 0.
6. In Destination port, type 1723, and then click OK.

To add the third input filter (optional)
If the PPTP server computer is also used as a PPTP client, you need to configure an additional filter.
1. In the Input Filters dialog box, click Add.
2. In the Add IP Filter dialog box, select the Destination network check box.
3. In IP Address, type the IP address of the interface, and in Subnet mask, type 255.255.255.255.
4. In Protocol, click TCP [established].
5. In Source port, type 1723.
6. In Destination port, type 0, and then click OK.

To select the filter action for the input filters
- In the Input Filters dialog box, click Drop all packets except those that meet the criteria below, and then click OK.

To set PPTP output filters
To set PPTP output filters, you must configure up to three output filters and select the appropriate filter action.

To add the first output filter
1. On the General tab, click Output Filters.
2. In the Output Filters dialog box, click Add.
3. In the Add IP Filter dialog box, select the Source network check box.
4. In IP Address, type the IP address of the interface, and in Subnet mask, type 255.255.255.255.
5. In Protocol, click Other.
6. In the Protocol box, type 47, and then click OK.

To add the second output filter
1. In the Output Filters dialog box, click Add.
2. In the Add IP Filter dialog box, select the Source network check box.
3. In IP Address, type the IP address of the interface, and in Subnet mask, type 255.255.255.255.
4. In Protocol, click TCP.
5. In Source port, type 1723.
6. In Destination port, type 0, and then click OK.

To add the third output filter (optional)
If the PPTP server computer is also used as a PPTP client, you need to configure an additional filter.
1. In the Output Filters dialog box, click Add.
2. In the Add IP Filter dialog box, select the Source network check box.
3. In IP Address, type the IP address of the interface, and in Subnet mask, type 255.255.255.255.
4. In Protocol, click TCP [established].
5. In Source port, type 0.
6. In Destination port, type 1723, and then click OK.

To select the filter action for the output filters
- In the Output Filters dialog box, click Drop all packets except those that meet the criteria below, and then click OK.

Add L2TP over IPSec filters
- Select the L2TP over IPSec interface
- Set L2TP over IPSec input filters
- Set L2TP over IPSec output filters

To select the L2TP over IPSec interface
1. Open Routing and Remote Access.
2. In the console tree, click General.
   Where?
     Routing and Remote Access
       server name
         IP Routing
           General
3. In the details pane, click the interface on which you want to enable L2TP over IPSec filtering, scroll to the IP Address column, and write down the IP address assigned to the interface.
4. Right-click the interface, and then click Properties.

Notes
- To open Routing and Remote Access, click Start, point to Programs, point to Administrative Tools, and then click Routing and Remote Access.
- All four L2TP over IPSec input and output filters work together to complete L2TP over IPSec filtering. The L2TP over IPSec filtering is not secure unless all four filters are set correctly.
- If the four L2TP over IPSec filters are the only filters that are configured, then the only traffic that is allowed in and out of the interface is L2TP over IPSec traffic to and from the L2TP server and L2TP client on the computer running Windows 2000 Server.

To set L2TP over IPSec input filters
To set L2TP over IPSec input filters, you must configure the filters and select the appropriate filter action.

To add the first L2TP over IPSec input filter
1. On the General tab, click Input Filters.
2. In the Input Filters dialog box, click Add.
3. In the Add IP Filter dialog box, select the Destination network check box.
4. In IP Address, type the IP address of the interface, and in Subnet mask, type 255.255.255.255.
5. In Protocol, click UDP.
6. In Source port, type 500.
7. In Destination port, type 500, and then click OK.

To add the second L2TP over IPSec input filter
1. On the General tab, click Input Filters.
2. In the Input Filters dialog box, click Add.
3. In the Add IP Filter dialog box, select the Destination network check box.
4. In IP Address, type the IP address of the interface, and in Subnet mask, type 255.255.255.255.
5. In Protocol, click UDP.
6. In Source port, type 1701.
7. In Destination port, type 1701, and then click OK.

To select the filter action for the input filter
- In the Input Filters dialog box, click Drop all packets except those that meet the criteria below, and then click OK.

To set L2TP over IPSec output filters
To set L2TP over IPSec output filters, you must configure the filters and select the appropriate filter action.

To add the first L2TP over IPSec output filter
1. On the General tab, click Output Filters.
2. In the Output Filters dialog box, click Add.
3. In the Add IP Filter dialog box, select the Source network check box.
4. In IP Address, type the IP address of the interface, and in Subnet mask, type 255.255.255.255.
5. In Protocol, click UDP.
6. In Source port, type 500.
7. In Destination port, type 500, and then click OK.

To add the second L2TP over IPSec output filter
1. On the General tab, click Output Filters.
2. In the Output Filters dialog box, click Add.
3. In the Add IP Filter dialog box, select the Source network check box.
4. In IP Address, type the IP address of the interface, and in Subnet mask, type 255.255.255.255.
5. In Protocol, click UDP.
6. In Source port, type 1701.
7. In Destination port, type 1701, and then click OK.

To select the filter action for the output filter
- In the Output Filters dialog box, click Drop all packets except those that meet the criteria below, and then click OK.

-----Original Message-----
From: Mikael [mailto:mikmak50@xxxxxxxxxxx]
Sent: Wednesday, 9 January 2002 11:54
To: [ISAserver.org Discussion List]
Subject: [isalist] VPN thru a router

http://www.ISAserver.org

Hi all,

I would like to connect an internet VPN client to my ISA thru a router. Which port do I need to open on the router to allow the ISA client to connect to the internal ISA server?

VPNClient(Internet) => Router(firewall) => ISA => internal Network

Thanks a lot,
Mikael.
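
The PPTP and L2TP over IPSec filter sets from the manual excerpt above, modelled with the "drop all packets except" action so they can be checked against sample packets. This is an added example, not part of the original e-mails or the Windows documentation. It assumes that port 0 means "any port" and that TCP [established] matches only segments of an existing connection; the addresses and packets are constructed.

```python
from dataclasses import dataclass

IFACE = "192.0.2.10"     # constructed; stands in for "the IP address of the interface"
CLIENT = "198.51.100.7"  # constructed remote peer

@dataclass(frozen=True)
class Filter:
    proto: str      # "47" (typed under Other), "tcp", "tcp-est" or "udp"
    sport: int = 0  # assumption: port 0 is treated as "any port"
    dport: int = 0

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str      # "47", "tcp" or "udp"
    sport: int = 0
    dport: int = 0
    established: bool = False  # simplification: TCP segment of an existing connection

# Filter sets as listed in the steps above (the third PPTP filter is the optional one).
PPTP_IN = [Filter("47"), Filter("tcp", 0, 1723), Filter("tcp-est", 1723, 0)]
PPTP_OUT = [Filter("47"), Filter("tcp", 1723, 0), Filter("tcp-est", 0, 1723)]
L2TP_IN = [Filter("udp", 500, 500), Filter("udp", 1701, 1701)]
L2TP_OUT = [Filter("udp", 500, 500), Filter("udp", 1701, 1701)]

def matches(f: Filter, p: Packet) -> bool:
    if f.proto == "tcp-est":
        if p.proto != "tcp" or not p.established:
            return False
    elif f.proto != p.proto:
        return False
    return f.sport in (0, p.sport) and f.dport in (0, p.dport)

def allowed(filters, p: Packet, direction: str) -> bool:
    """Action: drop all packets except those that meet the criteria."""
    # Input filters pin the destination to the interface /32, output filters the source.
    addr = p.dst if direction == "in" else p.src
    return addr == IFACE and any(matches(f, p) for f in filters)

def gre_filter_is_required() -> bool:
    """True if removing the protocol 47 output filter blocks tunnel data leaving the server."""
    gre_out = Packet(IFACE, CLIENT, "47")
    return allowed(PPTP_OUT, gre_out, "out") and not allowed(PPTP_OUT[1:], gre_out, "out")

if __name__ == "__main__":
    syn = Packet(CLIENT, IFACE, "tcp", 40000, 1723)  # constructed PPTP control SYN
    print("PPTP control in:", allowed(PPTP_IN, syn, "in"), "| GRE filter required:", gre_filter_is_required())
```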