Solved

Trust over PPTP

Posted on 2004-03-29
Last Modified: 2010-08-05
In Microsoft Knowledge Base Article 179442, they mention:

"Alternatively, you can establish a trust through the Point-to-Point Tunneling Protocol (PPTP) compulsory tunnel, and this will limit the number of ports that the firewall will need to open. For PPTP, the following ports must be enabled:

Client Ports      Server Port   Protocol
1024-65535/TCP    1723/TCP      PPTP"

Can anyone explain to me how to do this, because our firewall cannot have all the Microsoft ports open that are outlined earlier in the same article?
Question by:pbuch
7 Comments
 
LVL 51

Expert Comment

by:Netman66
ID: 10706162
What they're talking about is opening 1723 so the server can accept a VPN connection.  You don't need the other ports open unless you are allowing clients to make outbound requests.

0
 
LVL 20

Expert Comment

by:What90
ID: 10709085
I'd suggest you also allow protocol 47 (GRE) for PPTP to work correctly.
0
 
LVL 16

Expert Comment

by:JamesDS
ID: 10711039
pbuch

Microsoft publishes lots of how-to information on how to get services working through firewalls. What exactly are you trying to achieve?
Cheers

James
0
 

Author Comment

by:pbuch
ID: 10713657
This is the scenario. We have two distinct companies, Acorp and Bcorp. Acorp is on a Windows 2003 domain and forest level and Bcorp is on a Windows 2000 domain and forest level. Acorp wants to set up an outbound one-way trust to Bcorp. Bcorp will not trust Acorp. We have already determined that allowing the normal ports for a trust is too liberal a firewall setting for both enterprises. There is considerable red tape involved and so only allowing two of the less attacked MS ports is the better option. How do I set up a VPN to and from Acorp DCs to Bcorp DCs? Using Microsoft software. All the documentation refers to dial-up connections. ???
0
 
LVL 16

Accepted Solution

by:
JamesDS earned 500 total points
ID: 10713943
Right then.

You can set up a LAN-to-LAN VPN using Microsoft RRAS Server. If you use the "free with Windows 2003 version" you will be able to use L2TP over IPsec, which is far stronger and supports NAT Traversal - necessary to get through your firewalls.

The wizard that comes with the 2003 version of RRAS has excellent help with it. Start there and then post your next questions!

Cheers

JamesDS
0
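
An added example, not part of the thread and not code from Microsoft or any firewall product: the Python below checks a rule set for the two things the comments above say PPTP needs, TCP 1723 for the control channel and GRE (IP protocol 47) for the tunnel data. The rule format, the addresses (documentation ranges) and the function names are assumptions made for the illustration; the firewall is assumed to be stateful, first-match, default-deny.

```python
from ipaddress import ip_address, ip_network

# Constructed sample data (hypothetical rule format, not a real firewall syntax).
# Each rule: (action, src_net, dst_net, ip_protocol, dst_port or None).
# Assumption: stateful firewall, first match wins, default deny.
TCP, GRE = 6, 47
ACORP_DC, BCORP_DC = "192.0.2.10", "198.51.100.20"  # documentation addresses

RULES_TCP_ONLY = [
    ("allow", "192.0.2.10/32", "198.51.100.20/32", TCP, 1723),
]
RULES_FULL = RULES_TCP_ONLY + [
    ("allow", "192.0.2.10/32", "198.51.100.20/32", GRE, None),
    ("allow", "198.51.100.20/32", "192.0.2.10/32", GRE, None),
]

def permitted(rules, src, dst, proto, dport=None):
    """Return True if the first matching rule allows the packet (default deny)."""
    for action, src_net, dst_net, r_proto, r_port in rules:
        if (ip_address(src) in ip_network(src_net)
                and ip_address(dst) in ip_network(dst_net)
                and proto == r_proto
                and (r_port is None or r_port == dport)):
            return action == "allow"
    return False

def pptp_gaps(rules, client, server):
    """List the PPTP flows between client and server that the rule set blocks."""
    flows = {
        "control channel: TCP client -> server:1723": (client, server, TCP, 1723),
        "tunnel data: GRE (protocol 47) client -> server": (client, server, GRE, None),
        "tunnel data: GRE (protocol 47) server -> client": (server, client, GRE, None),
    }
    return [name for name, flow in flows.items() if not permitted(rules, *flow)]

if __name__ == "__main__":
    for label, rules in (("TCP 1723 only", RULES_TCP_ONLY),
                         ("TCP 1723 + GRE", RULES_FULL)):
        gaps = pptp_gaps(rules, ACORP_DC, BCORP_DC)
        print(label, "->", gaps or "PPTP can pass")
```

With only TCP 1723 open the control connection can be set up but the GRE-encapsulated tunnel traffic is dropped in both directions, which is the gap the GRE comment points out.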

Question has a verified solution.
