Solved

Trust over PPTP

Posted on 2004-03-29
Last Modified: 2010-08-05
In Microsoft Knowledge Base Article 179442, they mention:

"Alternatively, you can establish a trust through the Point-to-Point Tunneling Protocol (PPTP) compulsory tunnel, and this will limit the number of ports that the firewall will need to open. For PPTP, the following ports must be enabled:

Client Ports | Server Port | Protocol
1024-65535/TCP | 1723/TCP | PPTP"

Can anyone explain to me how to do this? Our firewall cannot have all the Microsoft ports open which are outlined earlier in the same article.
Question by:pbuch
7 Comments
 
LVL 51

Expert Comment

by:Netman66
ID: 10706162
What they're talking about is opening 1723 so the server can accept a VPN connection.  You don't need the other ports open unless you are allowing clients to make outbound requests.

0
 
LVL 20

Expert Comment

by:What90
ID: 10709085
I'd suggest you also allow protocol 47 (GRE) for PPTP to work correctly.
0
 
LVL 16

Expert Comment

by:JamesDS
ID: 10711039
pbuch

Microsoft publishes lots of how-to information on how to get services working through firewalls. What exactly are you trying to achieve?
Cheers

James
0
 

Author Comment

by:pbuch
ID: 10713657
This is the scenario. We have two distinct companies, ACorp and Bcorp. Acorp is on a Windows 2003 Domain and Forest Level and Bcorp is on a Windows 2000 domain and Forest level. Acorp wants to set up an outbound one trust to Bcorp. Bcorp will not trust Acorp. We have already determined that allowing the normal ports for a trust is too liberal a firewall setting for both enterprises. There is considerable red tape involved and so only allowing two of the less attacked MS ports is the better option. How do I set up a VPN to and from Acorp DCs to Bcorp DCs, using Microsoft software? All the documentation refers to dial-up connections. ???
0
 
LVL 16

Accepted Solution

by:
JamesDS earned 500 total points
ID: 10713943
Right then.

You can set up a LAN-to-LAN VPN using Microsoft RRAS Server. If you use the "free with Windows 2003 version" you will be able to use L2TP over IPsec, which is far stronger and supports NAT Traversal - necessary to get through your firewalls.

The Wizard that comes with the 2003 version of RRAS has excellent help with it. Start there and then post your next questions!

Cheers

JamesDS
0
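
An added example, not part of the thread and not Microsoft's code: a small Python check of a firewall allow-list against what each tunnel type discussed above needs, showing why opening TCP 1723 alone is not enough for PPTP. The rule format and all names are hypothetical; TCP 1723 and GRE come from the replies, while UDP 500 and UDP 4500 for L2TP/IPsec with NAT traversal are the standard values and are not stated in the thread.

```python
# Added example: audits a constructed allow-list for the traffic each
# site-to-site VPN type needs. Assumes inbound allow rules on the VPN server
# side that match only on IP protocol and destination port.

# (ip_protocol, destination_port); port is None for port-less IP protocols.
REQUIREMENTS = {
    "PPTP": {
        ("tcp", 1723): "PPTP control channel",
        ("gre", None): "GRE (IP protocol 47) carrying the tunnelled data",
    },
    "L2TP/IPsec with NAT-T": {
        ("udp", 500): "IKE key exchange",
        ("udp", 4500): "IPsec NAT traversal (UDP-encapsulated ESP)",
    },
}

def allows(rule, proto, port):
    """True if one allow rule covers the given protocol and destination port."""
    if rule["proto"] != proto:
        return False
    if port is None:
        return True
    lo, hi = rule.get("ports", (0, 65535))
    return lo <= port <= hi

def audit(rules):
    """Return {vpn_type: [descriptions of required traffic no rule allows]}."""
    report = {}
    for vpn, needs in REQUIREMENTS.items():
        report[vpn] = [
            desc for (proto, port), desc in needs.items()
            if not any(allows(r, proto, port) for r in rules)
        ]
    return report

# Constructed sample: only TCP 1723 opened.
ONLY_1723 = [{"proto": "tcp", "ports": (1723, 1723)}]
# Constructed sample: TCP 1723 plus GRE.
PPTP_FULL = ONLY_1723 + [{"proto": "gre"}]
# Constructed sample: IKE and NAT-T opened for L2TP over IPsec.
L2TP_NATT = [{"proto": "udp", "ports": (500, 500)},
             {"proto": "udp", "ports": (4500, 4500)}]

if __name__ == "__main__":
    for name, rules in [("only 1723", ONLY_1723), ("1723 + GRE", PPTP_FULL),
                        ("IKE + NAT-T", L2TP_NATT)]:
        for vpn, missing in audit(rules).items():
            print(name, "|", vpn, "|", "OK" if not missing else "missing: " + "; ".join(missing))
```

With NAT traversal in use, ESP is carried inside UDP 4500, which is why the L2TP/IPsec entry lists no separate IP protocol to allow.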
