We help IT Professionals succeed at work.

ISA VPN  and "Upper Level" ports

isaint asked
Last Modified: 2013-11-16
I already posted this question to the MS Networking section, but after looking around some I think that this area may be more appropriate.

Here is my problem ...

I have got an SBS 2000 install and I use ISA Server to support VPN connections for Outlook/Exchange and minimal file access when necassary.

We also have a client server based application that uses SQL Server for document imaging.  The application is called LaserFische and I would
like to be able to use this across the VPN as well.

LaserFische does not operate on top of the SQL Server 2000 that ships with SBS, it requies the desktop version; I believe this is to control
licensing, although I don't think this is the root of my problem.

When I establish a VPN session, I can't connect to the SQL Server for LaserFische.  It basically
times out.

Our Laserfische support person says that this is probably due to the fact that client communicates with the Laserfische server (SQL Desktop?)
on port 1888, but this (and I guess any other upper level ports) would be blocked in a VPN session.

Is this true?  If so can it be changed?

Thanks for any help.

Watch Question

This one is on us!
(Get your first solution completely free - no credit card required)
This one is on us!
(Get your first solution completely free - no credit card required)


Tim-  That's what I thought on the encap stuff.  I looked at isaserver.org, but didn't see anything.

Thanks for the replies,

I am using using Windows XP clients to create a PPTP session to ISA- well actually it would technically be Windows 2000 RRAS, but I used the ISA wizards to set it all up....


I can ping the server successfully.

Everything is on one server here (SBS), so I don't think there would be any routing issues, etc.  

I can telnet to port 1888 but not 1433-I get a 'connect failed" message.  I would assume this has something to do with it being the desktop ver of SQL and/or a technicalilty of it being
somewhat of a proprietary app.

Thanks again for the help.

So.. this means you CAN connect to port 1888...  perhaps there are other ports in question here ?
1433 is the standard SQL port - if it's not there, then maybe this isn't a standard SQL application as you say.
We need to look at why the app is failing.  Is it possible the app is trying to connect back to the client (ie a back connection) somehow ?
Does the app work WITHOUT the ISA server in place ?
I was looking through the Laserfiche specs, and it appears to want WINSOCK support, and only runs on Win 95/98 and NT 4.0 - http://www.isomedia.com/emedia_rim/LaserFiche/LF%20Enterprise.pdf.
Maybe it won't run on XP ?
The product Laserfiche Weblink looks like a good alternative if this is the case ?
We're a little stuck... looks like the VPN tunnel is fine and port 1888 is let through - I suggest you get back in touch with Laserfiche Support and ask them what else could be wrong ?
At a long shot, it could be the MTU size on your VPN client ?  Try dropping to 1492 and seeing what happens.


This basically means that the maximum packet size is dropped from 1500 to 1492, to take into account encapsulation.
eg - encapsulate a 1500 bit packet,  it becomes 1508 in size, which may be fragmenting somewhere down the line and causing the client/server thing to go a bit funny. However, if you encapsulate a packet 1492 in size, in becomes 1500 bits in size, which is normal across most networks and won't be fragmented.


When manually attaching to the LF database (which you have to do across a VPN- presumably since their isn't any broadcast) you have to specify the database name spelling it with a Capital letter... :)

Oh well... thanks for the help..

Is this fixed now then ?  Was it purely typos that were giving you problems ?


Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.