Sign in with
Sign up | Sign in
Your question

XP Pro cannot accept VPN, Remote Desktop connections

Last response: in Windows XP
Share
Anonymous
July 8, 2005 7:19:14 PM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

I am trying to configure VPN and Remote Desktop connections on my
network. These were working fine, until recently I had to swap out our
Win2K Server box for an XP Pro box. Our setup is this:

- We have a Linksys router, forwarding to an XP Pro server. Windows
firewall is turned off, but we are running Norton Internet Security.
Norton has been configured to accept connections from the router IP
address.
- Our network does not have a static IP address. Instead we use dynamic
IP forwarding. This is working - I can ping the URL and the correct WAN
IP address is returned.
- I configured Remote Desktop by going to My Computer > Properties >
Remote > Allow users to connect remotely to this computer
- I configured VPN by setting up an incoming VPN network connection
under Control Panel > Network Connections

>From inside the network I am able to
- connect to the server via Remote Desktop
- telnet to ports 1433, 1723 and 3389

>From outside the network I:
- cannot connect via Remote Desktop
- cannot connect via VPN
- CAN telnet to port 1433
- but cannot telnet to port 1723, 3389

When I do a "netstat -an" on the server I get:
Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1433 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1723 0.0.0.0:0 LISTENING
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5800 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5900 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1025 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1030 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1394 0.0.0.0:0 LISTENING
TCP 192.168.3.105:139 0.0.0.0:0 LISTENING
UDP 0.0.0.0:445 *:*
UDP 0.0.0.0:500 *:*
UDP 0.0.0.0:1026 *:*
UDP 0.0.0.0:1197 *:*
UDP 0.0.0.0:1198 *:*
UDP 0.0.0.0:1434 *:*
UDP 0.0.0.0:1701 *:*
UDP 0.0.0.0:4500 *:*
UDP 127.0.0.1:123 *:*
UDP 127.0.0.1:1031 *:*
UDP 127.0.0.1:1032 *:*
UDP 127.0.0.1:1900 *:*
UDP 192.168.3.105:123 *:*
UDP 192.168.3.105:137 *:*
UDP 192.168.3.105:138 *:*
UDP 192.168.3.105:1900 *:*

My Linksys router is forwarding the following ports to the new server:
1723, 500, 47, 50, 80, 3389, 21, 1433

Thinking that perhaps something pertaining to the old machine was
"cached" in the Linksys router, I restarted it, but that didn't help.

I don't understand why from outside the network I can telnet only to
port 1433, when the server says it's listening on 1723 & 3389. Any
suggestions are much appreciated.
Anonymous
July 9, 2005 10:27:33 AM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

For PPTP VPN you need both TCP Port 1723 forwarded through any
firewall/NAT/router *AND* enable GRE Protocol 47 traffic through the
firewall/NAT/router. Some manufacturers call the latter "PPTP Pass Through"
or "VPN Pass Through". Consult the documentation for help with that.

You can run the test detailed in the "VPN Traffic" section near the end of
this page to help pinpoint the problem area...

http://www.microsoft.com/technet/community/columns/cabl...
http://www.microsoft.com/downloads/details.aspx?amp;displaylang=en&familyid=49ae8576-9bb9-4126-9761-ba8011fabf38&displaylang=en

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual
benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...


"Camera1" <h_m_vaughan@hotmail.com> wrote in message
news:1120861154.681881.27250@g14g2000cwa.googlegroups.com...
>I am trying to configure VPN and Remote Desktop connections on my
> network. These were working fine, until recently I had to swap out our
> Win2K Server box for an XP Pro box. Our setup is this:
>
> - We have a Linksys router, forwarding to an XP Pro server. Windows
> firewall is turned off, but we are running Norton Internet Security.
> Norton has been configured to accept connections from the router IP
> address.
> - Our network does not have a static IP address. Instead we use dynamic
> IP forwarding. This is working - I can ping the URL and the correct WAN
> IP address is returned.
> - I configured Remote Desktop by going to My Computer > Properties >
> Remote > Allow users to connect remotely to this computer
> - I configured VPN by setting up an incoming VPN network connection
> under Control Panel > Network Connections
>
>>From inside the network I am able to
> - connect to the server via Remote Desktop
> - telnet to ports 1433, 1723 and 3389
>
>>From outside the network I:
> - cannot connect via Remote Desktop
> - cannot connect via VPN
> - CAN telnet to port 1433
> - but cannot telnet to port 1723, 3389
>
> When I do a "netstat -an" on the server I get:
> Proto Local Address Foreign Address State
> TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:1433 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:1723 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:5800 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:5900 0.0.0.0:0 LISTENING
> TCP 127.0.0.1:1025 0.0.0.0:0 LISTENING
> TCP 127.0.0.1:1030 0.0.0.0:0 LISTENING
> TCP 127.0.0.1:1394 0.0.0.0:0 LISTENING
> TCP 192.168.3.105:139 0.0.0.0:0 LISTENING
> UDP 0.0.0.0:445 *:*
> UDP 0.0.0.0:500 *:*
> UDP 0.0.0.0:1026 *:*
> UDP 0.0.0.0:1197 *:*
> UDP 0.0.0.0:1198 *:*
> UDP 0.0.0.0:1434 *:*
> UDP 0.0.0.0:1701 *:*
> UDP 0.0.0.0:4500 *:*
> UDP 127.0.0.1:123 *:*
> UDP 127.0.0.1:1031 *:*
> UDP 127.0.0.1:1032 *:*
> UDP 127.0.0.1:1900 *:*
> UDP 192.168.3.105:123 *:*
> UDP 192.168.3.105:137 *:*
> UDP 192.168.3.105:138 *:*
> UDP 192.168.3.105:1900 *:*
>
> My Linksys router is forwarding the following ports to the new server:
> 1723, 500, 47, 50, 80, 3389, 21, 1433
>
> Thinking that perhaps something pertaining to the old machine was
> "cached" in the Linksys router, I restarted it, but that didn't help.
>
> I don't understand why from outside the network I can telnet only to
> port 1433, when the server says it's listening on 1723 & 3389. Any
> suggestions are much appreciated.
>
Anonymous
July 10, 2005 5:14:56 AM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

NIS must accept connections from the IP address of the computer you
are connecting from, not just the NAT device...
---
Jeffrey Randow (Windows Networking MVP)
jeffreyr-support@remotenetworktechnology.com
http://www.networkblog.net (My Networking Blog)
http://www.remotenetworktechnology.com (Support Site)

On 8 Jul 2005 15:19:14 -0700, "Camera1" <h_m_vaughan@hotmail.com>
wrote:

>I am trying to configure VPN and Remote Desktop connections on my
>network. These were working fine, until recently I had to swap out our
>Win2K Server box for an XP Pro box. Our setup is this:
>
>- We have a Linksys router, forwarding to an XP Pro server. Windows
>firewall is turned off, but we are running Norton Internet Security.
>Norton has been configured to accept connections from the router IP
>address.
>- Our network does not have a static IP address. Instead we use dynamic
>IP forwarding. This is working - I can ping the URL and the correct WAN
>IP address is returned.
>- I configured Remote Desktop by going to My Computer > Properties >
>Remote > Allow users to connect remotely to this computer
>- I configured VPN by setting up an incoming VPN network connection
>under Control Panel > Network Connections
>
>>From inside the network I am able to
>- connect to the server via Remote Desktop
>- telnet to ports 1433, 1723 and 3389
>
>>From outside the network I:
>- cannot connect via Remote Desktop
>- cannot connect via VPN
>- CAN telnet to port 1433
>- but cannot telnet to port 1723, 3389
>
>When I do a "netstat -an" on the server I get:
>Proto Local Address Foreign Address State
> TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:1433 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:1723 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:5800 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:5900 0.0.0.0:0 LISTENING
> TCP 127.0.0.1:1025 0.0.0.0:0 LISTENING
> TCP 127.0.0.1:1030 0.0.0.0:0 LISTENING
> TCP 127.0.0.1:1394 0.0.0.0:0 LISTENING
> TCP 192.168.3.105:139 0.0.0.0:0 LISTENING
> UDP 0.0.0.0:445 *:*
> UDP 0.0.0.0:500 *:*
> UDP 0.0.0.0:1026 *:*
> UDP 0.0.0.0:1197 *:*
> UDP 0.0.0.0:1198 *:*
> UDP 0.0.0.0:1434 *:*
> UDP 0.0.0.0:1701 *:*
> UDP 0.0.0.0:4500 *:*
> UDP 127.0.0.1:123 *:*
> UDP 127.0.0.1:1031 *:*
> UDP 127.0.0.1:1032 *:*
> UDP 127.0.0.1:1900 *:*
> UDP 192.168.3.105:123 *:*
> UDP 192.168.3.105:137 *:*
> UDP 192.168.3.105:138 *:*
> UDP 192.168.3.105:1900 *:*
>
>My Linksys router is forwarding the following ports to the new server:
>1723, 500, 47, 50, 80, 3389, 21, 1433
>
>Thinking that perhaps something pertaining to the old machine was
>"cached" in the Linksys router, I restarted it, but that didn't help.
>
>I don't understand why from outside the network I can telnet only to
>port 1433, when the server says it's listening on 1723 & 3389. Any
>suggestions are much appreciated.
!