
Trust over PPTP

In Microsoft Knowledge Base Article 179442, they mention:

"Alternatively, you can establish a trust through the Point-to-Point Tunneling Protocol (PPTP) compulsory tunnel, and this will limit the number of ports that the firewall will need to open. For PPTP, the following ports must be enabled:

Client Ports      Server Port   Protocol
1024-65535/TCP    1723/TCP      PPTP"

Can anyone explain to me how to do this, because our firewall cannot have all the Microsoft ports open which are outlined earlier in the same article.
Asked by: pbuch
Netman66 Commented:
What they're talking about is opening 1723 so the server can accept a VPN connection.  You don't need the other ports open unless you are allowing clients to make outbound requests.

What90 Commented:
I'd suggest you also allow protocol 47 (GRE) for PPTP to work correctly.
JamesDS Commented:
pbuch

Microsoft publishes lots of how-to information on how to get services working through firewalls. What exactly are you trying to achieve?
Cheers

James
pbuch (Author) Commented:
This is the scenario. We have two distinct companies, Acorp and Bcorp. Acorp is on a Windows 2003 domain and forest level and Bcorp is on a Windows 2000 domain and forest level. Acorp wants to set up an outbound one-way trust to Bcorp. Bcorp will not trust Acorp. We have already determined that allowing the normal ports for a trust is too liberal a firewall setting for both enterprises. There is considerable red tape involved and so only allowing two of the less attacked MS ports is the better option. How do I set up a VPN to and from Acorp DCs to Bcorp DCs? Using Microsoft software. All the documentation refers to dial-up connections. ???
JamesDS Commented:
Right then.

You can set up a LAN-to-LAN VPN using Microsoft RRAS Server. If you use the "free with Windows 2003 version" you will be able to use L2TP over IPsec, which is far stronger and supports NAT Traversal - necessary to get through your firewalls.

The wizard that comes with the 2003 version of RRAS has excellent help with it. Start there and then post your next questions!

Cheers

JamesDS
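
The firewall requirements discussed in this thread (TCP 1723 plus GRE for PPTP, or L2TP over IPsec with NAT traversal), as an added example that is not part of any poster's reply: a Python audit of an allow-list that reports which required flows are still blocked and which rules the tunnel does not need. The rule format, gateway addresses and the UDP 500/4500 pair for IPsec NAT-T are assumptions not stated in the thread, and GRE is checked in both directions on the assumption that the firewall does not track GRE state.

```python
from ipaddress import ip_address, ip_network

# Per tunnel type: (IP protocol number, destination port or None, both directions?)
REQUIRED = {
    "pptp": [(6, 1723, False), (47, None, True)],  # TCP control channel + GRE data
    "l2tp-ipsec-natt": [(17, 500, False), (17, 4500, False)],  # IKE + NAT-T (assumed ports)
}

def allows(rule, src, dst, proto, port):
    """True if one allow rule permits a packet src -> dst of this protocol/port."""
    if rule["proto"] != proto:
        return False
    if ip_address(src) not in ip_network(rule["src"]):
        return False
    if ip_address(dst) not in ip_network(rule["dst"]):
        return False
    if port is None:  # portless protocol such as GRE
        return True
    lo, hi = rule.get("dports", (0, 65535))
    return lo <= port <= hi

def flows(tunnel, initiator, responder):
    """Expand the requirement table into concrete (src, dst, proto, port) flows."""
    out = []
    for proto, port, both in REQUIRED[tunnel]:
        out.append((initiator, responder, proto, port))
        if both:
            out.append((responder, initiator, proto, port))
    return out

def missing_flows(rules, tunnel, initiator, responder):
    """Required flows that no rule permits (the tunnel will not come up)."""
    return [f for f in flows(tunnel, initiator, responder)
            if not any(allows(r, *f) for r in rules)]

def excess_rules(rules, tunnel, initiator, responder):
    """Rules that no required flow uses: candidates for removal."""
    needed = flows(tunnel, initiator, responder)
    return [r for r in rules if not any(allows(r, *f) for f in needed)]

# Constructed sample: gateway addresses from documentation ranges, hypothetical rules.
A_GW, B_GW = "192.0.2.10", "198.51.100.20"
TCP_ONLY = [{"src": A_GW, "dst": B_GW, "proto": 6, "dports": (1723, 1723)}]
FULL = TCP_ONLY + [
    {"src": A_GW, "dst": B_GW, "proto": 47},
    {"src": B_GW, "dst": A_GW, "proto": 47},
    {"src": "192.0.2.0/24", "dst": "198.51.100.0/24", "proto": 6, "dports": (135, 139)},
]
```

With only TCP 1723 open, `missing_flows(TCP_ONLY, "pptp", A_GW, B_GW)` returns the two GRE flows; `excess_rules(FULL, "pptp", A_GW, B_GW)` returns the leftover subnet-wide TCP 135-139 rule.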