  • Status: Solved

Microsoft VPN through ASA 5510

I've got a few clients on our internal network that need to connect out onto the net to other networks by using Microsoft VPN. They use this to retrieve mail from the Exchange server sitting externally.

It seems to find the server but fails at the authentication stage.

Do I need to create a NAT for this? Our internal address range is on DHCP so I can't create a static NAT.

What ports need to be opened?

0
Asked by: condorcape
 
cedarghost Commented:
No, NAT should be running on the other side of their connection. Just make sure ports 1723 TCP and 47 IP (for GRE) are open.
0
 
condorcape (Author) Commented:
TCP or UDP?
0
 
condorcape (Author) Commented:
Oh sorry, just saw you mentioned it :)

0
cedarghost Commented:
If you want to connect from the outside to the VPN server, you have to open ports 1723 and 47 TCP and UDP.
That's using PPTP. If you are doing IPSec over L2TP it is totally different.
0
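The two traffic types named in this thread, the PPTP control channel on TCP 1723 and GRE as IP protocol 47, told apart in raw IPv4 packets, which is the distinction a firewall rule or capture filter has to make. This is an added example, not part of the thread; the helper names, sample packets and addresses are constructed for illustration.

```python
import struct

PPTP_TCP_PORT = 1723                      # PPTP control channel (TCP)
IPPROTO_TCP, IPPROTO_UDP, IPPROTO_GRE = 6, 17, 47
GRE_PROTO_PPP = 0x880B                    # enhanced GRE payload type used by PPTP (RFC 2637)

def classify(packet: bytes) -> str:
    """Classify one raw IPv4 packet as PPTP control, PPTP data, or something else."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return "malformed"
    proto, payload = packet[9], packet[ihl:]
    if proto == IPPROTO_GRE:              # GRE has no ports: matched by protocol number only
        if len(payload) < 4:
            return "malformed"
        flags_ver, gre_type = struct.unpack("!HH", payload[:4])
        if flags_ver & 0x7 == 1 and gre_type == GRE_PROTO_PPP:
            return "pptp-data"
        return "gre-other"
    if proto in (IPPROTO_TCP, IPPROTO_UDP):
        if len(payload) < 4:
            return "malformed"
        sport, dport = struct.unpack("!HH", payload[:4])
        if proto == IPPROTO_TCP and PPTP_TCP_PORT in (sport, dport):
            return "pptp-control"
        if 47 in (sport, dport):
            return "port-47-not-gre"      # a TCP/UDP port 47 rule matches this, never GRE
    return "other"

def ipv4(proto: int, payload: bytes) -> bytes:
    """Wrap payload in a minimal IPv4 header (checksum left at 0); for constructed samples."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return hdr + payload

# Constructed sample packets (documentation addresses, zeroed bodies).
SAMPLES = {
    "control": ipv4(IPPROTO_TCP, struct.pack("!HH", 49152, 1723) + b"\x00" * 16),
    "data": ipv4(IPPROTO_GRE, struct.pack("!HHHHI", 0x3001, GRE_PROTO_PPP, 0, 1, 1)),
    "udp47": ipv4(IPPROTO_UDP, struct.pack("!HHHH", 40000, 47, 8, 0)),
}
```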
 
condorcape (Author) Commented:
Great, I've managed to get it working!

Thanks a mill!

0
 
antioed Commented:
Port connectivity should be taken care of by VPN; I would check for IP or DNS problems, but you know your network best! Here's your info:

http://support.microsoft.com/kb/176466/

Communication between Exchange Client computers and Exchange Server computers
An Exchange Client computer on a LAN or WAN link uses remote procedure call (RPC) to communicate with an Exchange Server computer. The Exchange Server computer, an RPC-based application, uses TCP port 135, also referred to as the location service that helps RPC applications to query for the port number of a service.

The Exchange Server computer monitors port 135 for client connections to the RPC endpoint mapper service. After a client connects to a socket, the Exchange Server computer allocates the client two random ports to use to communicate with the directory and the information store. The client does not communicate with other components of the Exchange Server computer.

If security concerns for a network infrastructure require blocking of any ports other than the ones used, then the random assignment of ports for communication with the directory and the information store can become a roadblock. To avoid this, Exchange Server versions 4.0 and later allow you to statically allocate these ports.

At this juncture, for successful communication between client and server, the firewall needs to be configured to allow TCP connections to port 135 and all statically allocated ports. If you need to monitor traffic for analysis, these are the ports to monitor.
0
 
condorcape (Author) Commented:
Yeah, the problem is that the VPN wasn't being established.

0
