Cannot connect to a Windows Server 2003R2 from a different subnet via VPN

User could not connect from the DC office to the Baltimore Office server’s shared folders

User's  PC and network are on a subnet 192.168.3.1 connected to the Baltimore network 192.168.2.0 thru a VPN
-      The VPN is working fine. I was able to ping to the server (192.168.2.2) and the router at 192.168.2.1 from  192.168.3.1 (the remote location’s router) and I was able to ping from Julia’s PC on subnet 192.168.3.0 to any device on 192.168.2.0 – and vice-versa

The server is a “Windows Server 2003 R2” with all the latest service packs and updates
-      The Firewall was enabled.
-      When I would disable the Firewall,  there are no issues connecting to the shared resources on the Baltimore server from DC

Re-enabled the Firewall and performed the following

I modified the setting in the “Windows Firewall”
Clicked “Exceptions tab”
Clicked “File and Print Sharing”
Clicked “Edit”
Clicked on the already checked “TCP 139” and then clicked “Change Scope”
In the “Custom list”, I then added this entry  - 192.168.3.0/255.255.255.0

I now can connect to Baltimore from the DC office with no issues

Questions
-      Did I pick the correct settings by adding a custom port for TCP 139
-      Should I do anything for these ports?

TCP 445
UDP 137
UDP 138

Any help and suggestions would be appreciated
LVL 1
Andreas GieryicComputer Networking, OwnerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Andreas GieryicComputer Networking, OwnerAuthor Commented:
NOTE: At the remote location, there are 2 PC's - both running Windows 7 Pro SP1
0
ZabagaRCommented:
I'd include those other ports if the firewall wizard didn't do it already:
According to Microsoft, these are the ports required for file & print sharing over a firewall


Application protocol             Protocol      Ports

RPC                                           TCP           135
NetBIOS Datagram Service   UDP            138
NetBIOS Name Resolution    UDP         137
NetBIOS Session Service       TCP          139
SMB                                       TCP          445
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Andreas GieryicComputer Networking, OwnerAuthor Commented:
should I add the same subnet pool I indicated above to all these ports
0
Andreas GieryicComputer Networking, OwnerAuthor Commented:
I asked the above question just to cover remote users connecting.
However, when the Windows Firewall is enabled, users can not scan from a leased copier to a shared folder on the server that works perfectly when the firewall is turned off. So again its a "File and Print" issue.

I would rather keep the windows firewall enabled but is there an easier way to allow any device on the local LAN to access resources on the server.

You mentioned "firewall wizard". I don't recall using a wizard in server 2003
0
Andreas GieryicComputer Networking, OwnerAuthor Commented:
I ended up resolving the issue myself. However, since I had only one response, I find it only fair to issue the points. Thanks!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.