AW: VPN thru a router

  • From: "Christian Sommer" <csommer@xxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 9 Jan 2002 13:40:21 +0100

Hi,

this documentation is from the Windows 2000 Server Networking Manual, it should 
help you. You will find all ports and Protocol Types you need to configure your 
router.

Christian


Add PPTP filters
  
·Select the PPTP interface 
·Set PPTP input filters 
·Set PPTP output filters 
To select the PPTP interface
1. Open Routing and Remote Access. 
2. In the console tree, click General.
   Routing and Remote Access
     server name
       IP Routing
         General
3. In the details pane, right-click the interface on which you want to enable 
PPTP filtering, and then click Properties. 
Notes
·To open Routing and Remote Access, click Start, point to Programs, point to 
Administrative Tools, and then click Routing and Remote Access. 
·All six filters work together to complete PPTP filtering. The PPTP filtering 
is not secure unless all six filters are set correctly. 
·If the six filters are the only filters configured, then the only traffic that 
is allowed in and out of the interface is PPTP traffic to and from the PPTP 
server and PPTP client on the computer running Windows 2000 Server. 
To set PPTP input filters
To set PPTP input filters, you must configure up to three input filters and 
select the appropriate filter action.
To add the first input filter 
1. On the General tab, click Input Filters. 
2. In the Input Filters dialog box, click Add. 
3. In the Add IP Filter dialog box, select the Destination network check box. 
4. In IP Address, type the IP address of the interface, and in Subnet mask, 
type 255.255.255.255. 
5. In Protocol, click Other. 
6. In Protocol name, type 47, and then click OK. 
To add the second input filter 
1. In the Input Filters dialog box, click Add. 
2. In the Add IP Filter dialog box, select the Destination network check box. 
3. In IP Address, type the IP address of the interface, and in Subnet mask, 
type 255.255.255.255. 
4. In Protocol, click TCP. 
5. In Source port, type 0. 
6. In Destination port, type 1723, and then click OK. 
To add the third input filter (optional) 
If the PPTP server computer is also used as a PPTP client, you need to 
configure an additional filter.
1. In the Input Filters dialog box, click Add. 
2. In the Add IP Filter dialog box, select the Destination network check box. 
3. In IP Address, type the IP address of the interface, and in Subnet mask, 
type 255.255.255.255. 
4. In Protocol, click TCP [established]. 
5. In Source port, type 1723. 
6. In Destination port, type 0, and then click OK. 
To select the filter action for the input filters 
·In the Input Filters dialog box, click Drop all packets except those that meet 
the criteria below, and then click OK. 
To set PPTP output filters
To set PPTP output filters, you must configure up to three output filters and 
select the appropriate filter action.
To add the first output filter 
1. On the General tab, click Output Filters. 
2. In the Output Filters dialog box, click Add. 
3. In the Add IP Filter dialog box, select the Source network check box. 
4. In IP Address, type the IP address of the interface, and in Subnet mask, 
type 255.255.255.255. 
5. In Protocol, click Other. 
6. In the Protocol box, type 47, and then click OK. 
To add the second output filter 
1. In the Output Filters dialog box, click Add. 
2. In the Add IP Filter dialog box, select the Source network check box. 
3. In IP Address, type the IP address of the interface, and in Subnet mask, 
type 255.255.255.255. 
4. In Protocol, click TCP. 
5. In Source port, type 1723. 
6. In Destination port, type 0, and then click OK. 
To add the third output filter (optional) 
If the PPTP server computer is also used as a PPTP client, you need to 
configure an additional filter.
1. In the Output Filters dialog box, click Add. 
2. In the Add IP Filter dialog box, select the Source network check box. 
3. In IP Address, type the IP address of the interface, and in Subnet mask, 
type 255.255.255.255. 
4. In Protocol, click TCP [established]. 
5. In Source port, type 0. 
6. In Destination port, type 1723, and then click OK. 
To select the filter action for the output filters 
·In the Output Filters dialog box, click Drop all packets except those that 
meet the criteria below, and then click OK. 
Add L2TP over IPSec filters
  
·Select the L2TP over IPSec interface 
·Set L2TP over IPSec input filters 
·Set L2TP over IPSec output filters 
To select the L2TP over IPSec interface
1. Open Routing and Remote Access. 
2. In the console tree, click General.
   Routing and Remote Access
     server name
       IP Routing
         General
3. In the details pane, click the interface on which you want to enable L2TP 
over IPSec filtering, scroll to the IP Address column, and write down the IP 
address assigned to the interface. 
4. Right-click the interface, and then click Properties. 
Notes
·To open Routing and Remote Access, click Start, point to Programs, point to 
Administrative Tools, and then click Routing and Remote Access. 
·All four L2TP over IPSec input and output filters work together to complete 
L2TP over IPSec filtering. The L2TP over IPSec filtering is not secure unless 
all four filters are set correctly. 
·If the four L2TP over IPSec filters are the only filters that are configured, 
then the only traffic that is allowed in and out of the interface is L2TP over 
IPSec traffic to and from the L2TP server and L2TP client on the computer 
running Windows 2000 Server. 
To set L2TP over IPSec input filters
To set L2TP over IPSec input filters, you must configure the filters and select 
the appropriate filter action.
To add the first L2TP over IPSec input filter 
1. On the General tab, click Input Filters. 
2. In the Input Filters dialog box, click Add. 
3. In the Add IP Filter dialog box, select the Destination network check box. 
4. In IP Address, type the IP address of the interface, and in Subnet mask, 
type 255.255.255.255. 
5. In Protocol, click UDP. 
6. In Source port, type 500. 
7. In Destination port, type 500, and then click OK. 
To add the second L2TP over IPSec input filter 
1. On the General tab, click Input Filters. 
2. In the Input Filters dialog box, click Add. 
3. In the Add IP Filter dialog box, select the Destination network check box. 
4. In IP Address, type the IP address of the interface, and in Subnet mask, 
type 255.255.255.255. 
5. In Protocol, click UDP. 
6. In Source port, type 1701. 
7. In Destination port, type 1701, and then click OK. 
To select the filter action for the input filter 
·In the Input Filters dialog box, click Drop all packets except those that meet 
the criteria below, and then click OK. 
To set L2TP over IPSec output filters
To set L2TP over IPSec output filters, you must configure the filters and 
select the appropriate filter action.
To add the first L2TP over IPSec output filter 
1. On the General tab, click Output Filters. 
2. In the Output Filters dialog box, click Add. 
3. In the Add IP Filter dialog box, select the Source network check box. 
4. In IP Address, type the IP address of the interface, and in Subnet mask, 
type 255.255.255.255. 
5. In Protocol, click UDP. 
6. In Source port, type 500. 
7. In Destination port, type 500, and then click OK. 
To add the second L2TP over IPSec output filter 
1. On the General tab, click Output Filters. 
2. In the Output Filters dialog box, click Add. 
3. In the Add IP Filter dialog box, select the Source network check box. 
4. In IP Address, type the IP address of the interface, and in Subnet mask, 
type 255.255.255.255. 
5. In Protocol, click UDP. 
6. In Source port, type 1701. 
7. In Destination port, type 1701, and then click OK. 
To select the filter action for the output filter 
·In the Output Filters dialog box, click Drop all packets except those that 
meet the criteria below, and then click OK. 

-----Original Message-----
From: Mikael [mailto:mikmak50@xxxxxxxxxxx]
Sent: Wednesday, 9 January 2002 11:54
To: [ISAserver.org Discussion List]
Subject: [isalist] VPN thru a router


http://www.ISAserver.org


Hi all,

I would like to connect an internet VPN client to my ISA thru a router.
Which port do I need to open on the router to allow the ISA client to
connect to the internal ISA server?

VPNClient(Internet) => Router(firewall) => ISA => internal Network

Thanks a lot,

Mikael.
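
The PPTP and L2TP over IPSec filter sets listed in the reply above, modelled as a small packet check. This is an added example, not part of the original messages or the Windows 2000 manual; the addresses and sample packets are constructed, and treating TCP [established] as "ACK bit set" is a simplifying assumption of the model.

```python
from collections import namedtuple

GRE, TCP, UDP = 47, 6, 17  # IP protocol numbers; 47 is what the steps type under "Other"
ANY = 0                    # the filter dialogs use port 0 for "any port"
IFACE, CLIENT = "192.0.2.10", "198.51.100.7"  # constructed documentation addresses

Filter = namedtuple("Filter", "direction proto sport dport established")
Packet = namedtuple("Packet", "proto src dst sport dport ack")

def pptp_filters(also_client=False):
    """PPTP filters from the steps above; also_client adds the optional third pair."""
    rules = [Filter("in", GRE, ANY, ANY, False), Filter("in", TCP, ANY, 1723, False),
             Filter("out", GRE, ANY, ANY, False), Filter("out", TCP, 1723, ANY, False)]
    if also_client:
        rules += [Filter("in", TCP, 1723, ANY, True), Filter("out", TCP, ANY, 1723, True)]
    return rules

def l2tp_filters():
    """The four L2TP over IPSec filters: UDP 500 and UDP 1701, in and out."""
    return [Filter(d, UDP, p, p, False) for d in ("in", "out") for p in (500, 1701)]

def allowed(filters, direction, pkt, iface=IFACE):
    """Apply 'Drop all packets except those that meet the criteria below'."""
    # Input filters pin the destination to the interface /32, output filters the source.
    if (pkt.dst if direction == "in" else pkt.src) != iface:
        return False
    for f in filters:
        if f.direction != direction or f.proto != pkt.proto:
            continue
        if f.established and not pkt.ack:  # simplification: "established" = ACK bit set
            continue
        if f.sport in (ANY, pkt.sport) and f.dport in (ANY, pkt.dport):
            return True
    return False

def demo():
    """Verdicts for constructed packets against the full six-filter PPTP set."""
    fs = pptp_filters(also_client=True)
    return {
        "control_in": allowed(fs, "in", Packet(TCP, CLIENT, IFACE, 40000, 1723, False)),
        "gre_in": allowed(fs, "in", Packet(GRE, CLIENT, IFACE, 0, 0, False)),
        "reply_out": allowed(fs, "out", Packet(TCP, IFACE, CLIENT, 1723, 40000, True)),
        "rdp_in": allowed(fs, "in", Packet(TCP, CLIENT, IFACE, 40000, 3389, False)),
        # New connection from source port 1723: dropped because filter 3 is [established]
        "syn_from_1723": allowed(fs, "in", Packet(TCP, CLIENT, IFACE, 1723, 3389, False)),
    }

if __name__ == "__main__":
    print(demo())
```

The last case shows why the optional third input filter uses TCP [established] rather than plain TCP: with source port 1723 and destination port 0, a plain TCP filter would match any destination port on the interface.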
