Solved

Trust over PPTP

Posted on 2004-03-29
7
439 Views
Last Modified: 2010-08-05
In the Microsoft Knowledge Base Article - 179442 They mention:

"Alternatively, you can establish a trust through the Point-to-Point Tunneling Protocol (PPTP) compulsory tunnel, and this will limit the number of ports that the firewall will need to open. For PPTP, the following ports must be enabled:

Client Ports Server Port Protocol
1024-65535/TCP 1723/TCP PPTP "

Can anyone explain to me how to do this because Our firewall cannot have all the microsoft ports open which are outilined earlier in the same article.
0
Comment
Question by:pbuch
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 51

Expert Comment

by:Netman66
ID: 10706162
What they're talking about is opening 1723 so the server can accept a VPN connection.  You don't need the other ports open unless you are allowing clients to make outbound requests.

0
 
LVL 20

Expert Comment

by:What90
ID: 10709085
I'd suggest you also allow protocol 47 (GRE) for PPTP to work correctly.
0
 
LVL 16

Expert Comment

by:JamesDS
ID: 10711039
pbuch

Microsoft publishes lots of how to information on how to get service working through firewalls. What exactly are you try to achieve?
Cheers

James
0
 

Author Comment

by:pbuch
ID: 10713657
This is the scenario. We have two distinct companies. ACorp and Bcorp. Acorp is on a Windows 2003 Domain and Forest Level and Bcorp is on a Windows 2000 domain and Forest level. Acorp wants to set up a outbound one trust to Bcorp. Bcorp will not trust Acorp. We have already deterimined that allowing the normal ports for a trust is too liberal a firewall setting for both enterprises. There is considerable red tape involved and so only allowing two of the the less attack MS ports is the better option. How do I set up a VPN to and from Acorp DCs to Bcorp DCs? Using Microsoft software. All the documentation refers to dial-up connections. ???
0
 
LVL 16

Accepted Solution

by:
JamesDS earned 500 total points
ID: 10713943
right then

You can set up a Lan to Lan VPN using Microsoft RRAS Server. If you use the "free with Windows 2003 version" you will be able to use L2TP over IPSEC which is far stronger and supports NAT Traversal - necessary to get through your firewalls.

the Wizard that comes with the 2003 version of RRAS has excellent help with it. start there and then post your next questions!

Cheers

JamesDS
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question