Solved

Trust over PPTP

Posted on 2004-03-29
Last Modified: 2010-08-05
In Microsoft Knowledge Base Article 179442, they mention:

"Alternatively, you can establish a trust through the Point-to-Point Tunneling Protocol (PPTP) compulsory tunnel, and this will limit the number of ports that the firewall will need to open. For PPTP, the following ports must be enabled:

Client Ports      Server Port    Protocol
1024-65535/TCP    1723/TCP       PPTP"

Can anyone explain to me how to do this? Our firewall cannot have all the Microsoft ports open which are outlined earlier in the same article.
0
Question by:pbuch
7 Comments
 
LVL 51

Expert Comment

by:Netman66
ID: 10706162
What they're talking about is opening 1723 so the server can accept a VPN connection.  You don't need the other ports open unless you are allowing clients to make outbound requests.

0
 
LVL 20

Expert Comment

by:What90
ID: 10709085
I'd suggest you also allow protocol 47 (GRE) for PPTP to work correctly.
0
 
LVL 16

Expert Comment

by:JamesDS
ID: 10711039
pbuch

Microsoft publishes lots of how-to information on how to get services working through firewalls. What exactly are you trying to achieve?
Cheers

James
0
 

Author Comment

by:pbuch
ID: 10713657
This is the scenario. We have two distinct companies, ACorp and Bcorp. Acorp is on a Windows 2003 domain and forest level and Bcorp is on a Windows 2000 domain and forest level. Acorp wants to set up an outbound one-way trust to Bcorp. Bcorp will not trust Acorp. We have already determined that allowing the normal ports for a trust is too liberal a firewall setting for both enterprises. There is considerable red tape involved and so only allowing two of the less attacked MS ports is the better option. How do I set up a VPN to and from Acorp DCs to Bcorp DCs, using Microsoft software? All the documentation refers to dial-up connections. ???
0
 
LVL 16

Accepted Solution

by:
JamesDS earned 2000 total points
ID: 10713943
Right then.

You can set up a LAN-to-LAN VPN using Microsoft RRAS Server. If you use the "free with Windows 2003" version, you will be able to use L2TP over IPsec, which is far stronger and supports NAT Traversal, necessary to get through your firewalls.

The wizard that comes with the 2003 version of RRAS has excellent help with it. Start there and then post your next questions!

Cheers

JamesDS
0
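
Added example, not part of the thread: a small Python audit of a perimeter rule list against the flows each tunnel type discussed above needs (TCP 1723 plus GRE, protocol 47, for PPTP, as Netman66 and What90 note). The rule format, addresses and function names are constructed for illustration, and the L2TP/IPsec NAT-T ports (UDP 500 and 4500) are the standard values, not figures from the thread.

```python
# Added example: rule format and site addresses are constructed, not from the thread.
from ipaddress import ip_address, ip_network

# (protocol, destination port); port None = IP protocol without ports (GRE is 47).
REQUIRED = {
    "PPTP": [("tcp", 1723), ("47", None)],                # control channel + GRE data
    "L2TP/IPsec (NAT-T)": [("udp", 500), ("udp", 4500)],  # IKE + UDP-encapsulated ESP
}
# Constructed sample: "action proto src dst dst_port" ("-" = no port, "lo-hi" = range).
RULES = [
    "allow tcp 198.51.100.10 203.0.113.20 1723",
    "allow udp 198.51.100.10 203.0.113.20 500",
    "allow udp 198.51.100.10 203.0.113.20 4500",
    "allow tcp 198.51.100.10 203.0.113.20 1024-65535",
]

def parse_rule(line):
    """Turn one rule line into a dict with networks and an inclusive port span."""
    action, proto, src, dst, port = line.split()
    ports = None
    if port != "-":
        lo, _, hi = port.partition("-")
        ports = (int(lo), int(hi or lo))
    return {"action": action, "proto": proto, "src": ip_network(src),
            "dst": ip_network(dst), "ports": ports}

def permits(rule, proto, src, dst, port):
    """True if this allow rule passes the given flow from src to dst."""
    if rule["action"] != "allow" or rule["proto"] != proto:
        return False
    if ip_address(src) not in rule["src"] or ip_address(dst) not in rule["dst"]:
        return False
    if port is None:
        return True
    return rule["ports"] is not None and rule["ports"][0] <= port <= rule["ports"][1]

def audit(rules, client, server):
    """Return {vpn_type: [missing flows]} for the client -> server direction only."""
    parsed = [parse_rule(r) for r in rules]
    return {vpn: [f for f in flows
                  if not any(permits(r, f[0], client, server, f[1]) for r in parsed)]
            for vpn, flows in REQUIRED.items()}

def overly_broad(rules, max_ports=1):
    """Allow rules that open more than max_ports destination ports."""
    spans = [(line, parse_rule(line)["ports"]) for line in rules if line.startswith("allow ")]
    return [line for line, p in spans if p and p[1] - p[0] + 1 > max_ports]
```

With the sample rules, `audit(RULES, "198.51.100.10", "203.0.113.20")` reports GRE as the missing PPTP flow, which is the case where the control connection on 1723 succeeds but no tunnel data passes.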
