Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

What port needs opened?

Posted on 2004-09-17
Last Modified: 2010-04-12
Here's my set up:

I have a Firewalled Cisco Router provided by my ISP.  (I do not manage this)
I have a Windows 2003 Domain server behind the firewall.
I need for my users to be able to access the domain server from outside the firewall.
I can have an external IP bound to the internal ip of the Domain Server through the router.
My ISP wants to know what port(s) they need to open to allow VPN access through.  I have no idea.  Is there a standard port?  Please help.
Question by:QueenKretee
  • 4
  • 4
LVL 15

Expert Comment

ID: 12087021
You have a firewall behind your router? what is this firewall, a cisco pix?
LVL 79

Expert Comment

ID: 12089138
If you want to use Terminal Services to access the server, you need TCP port 3389 only.

Author Comment

ID: 12089555
I want some of my users to be able to VPN into the domain server using Windows XP's VPN functionality.
Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.

LVL 79

Expert Comment

ID: 12089750
Then you need to open TCP 1723, and you need to have a 1-1 static NAT with GRE protocol along with that..

Author Comment

ID: 12090183
What? What? Huh?  Please elaborate on what you just stated lrmoore.  Here's a little more info on what I've done from information that I have gathered here on experts exchange on my own.  I have asked my ISP to do the following.  Bind the public ip 24.xxx.xxx.xxx to internal ip, which is my domain server.  I have asked the to open ports 500, 1723 and 3389, also Protocol 50 and Protocol 51.  Now, I can use Teminal Services to access my domain server from my home.  However, I still cannot vpn in.   The message box first states, "Connecting to 24.xxx.xxx.xxx".  Then "Verifying User Name and Password.  Following,  I am getting the error:

Error 721: The remote computer did not resond.

It is also possible that I have not set up my xp vpn client properly or my Remote Access setting on my domain server.  Please excuse my ignorance as my expertise is programming, not network administation.  

On the server end, my user id in the "Dial in settings" is set for to "Allow Access"
I have used the Windows 2003 Wizard to set up my RAS.  And the Windows XP wizard to set up my vpn.

Please assist.  Many thanks in advance.


Author Comment

ID: 12090191
Oh, also what does this mean?  "you need to have a 1-1 static NAT with GRE protocol along with that.."
LVL 79

Accepted Solution

lrmoore earned 500 total points
ID: 12091434
>Bind the public ip 24.xxx.xxx.xxx to internal ip, which is my domain server
This is a 1-to-1 static NAT so you're OK on that

>also Protocol 50 and Protocol 51.
You also need Protocol 47, GRE

Here's a guide on VPN w/2003



Author Comment

ID: 12096129
It worked.  Many, many thanks.
LVL 79

Expert Comment

ID: 12096250

Glad to help..

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco ASA Restarted Suddenly 11 91
Which is more secure: EAP or machine certificate for IKEv2 VPN? 1 135
VPN problems 4 27
domian network access 5 23
Do you have an old router lying around the house that you don’t know what to do with? Check the make and model, then refer to either of these links to see if its compatible. http://www.dd-wrt.com/site/support/router-database http://www.dd-wrt.c…
Juniper VPN devices are a popular alternative to using Cisco products. Last year I needed to set up an international site-to-site VPN over the Internet, but the client had high security requirements -- FIPS 140. What and Why of FIPS 140 Federa…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question