
XP Firewall Exceptions

I recently gave a class regarding WAN and Remote Access Technologies which included an exercise on setting up an outgoing/incoming PPTP VPN connection between two XP machines. As the students worked in pairs it was necessary for both of them to create incoming and outgoing connections. There were some issues that occurred during the connection process which revolved mostly around improper configuration (aka ‘user error’). One error in particular was not turning off the XP Firewall. Given that any firewall is a critical piece of software, it is more prudent to specifically permit the VPN traffic than to turn the Firewall off altogether. So I decided to include the following example on how to configure the Firewall to accept incoming PPTP and L2TP connections. If you are looking for more information on configuring the XP Firewall, click here to read the Microsoft white paper on “Deploying Windows Firewall Settings”.

First you will need to open your Local Area Connection Properties. You can do this by going to Start – Control Panel – Network Connections, right-clicking the LAN connection and choosing ‘Properties’. Click the ‘Advanced’ tab.

On the ‘Advanced’ tab, in the ‘Windows Firewall’ section, click on ‘Settings’. You should now see the following available tabs: General, Exceptions & Advanced.

Click on the ‘Advanced’ tab.

In the ‘Network Connection Settings’ area click on ‘Settings’. There are now two tabs available: Services & ICMP. Click on ‘Services’. Here you are viewing additional exceptions for services running on your computer that Internet users can access. The example below shows that this firewall is already configured for both L2TP and PPTP VPN incoming connections.

If you don’t currently see a preconfigured service for L2TP or PPTP then click on ‘Add’. You will need to add the following configurations:

Description of service: Incoming Connection VPN (PPTP)

Name or IP address of the computer hosting this service on your network: your computer name or IP address

External Port number for this service: TCP 1723

Internal Port number for this service: TCP 1723

You can additionally configure incoming L2TP connections using the following settings:

Description of service: Incoming Connection VPN (L2TP)

Name or IP address of the computer hosting this service on your network: your computer name or IP address

External Port number for this service: UDP 1701

Internal Port number for this service: UDP 1701

In order to use L2TP you will also need to add the IKE service, as shown below, because the L2TP tunnel is negotiated over IPsec and IKE carries that negotiation.

Description of service: IP Security (IKE)

Name or IP address of the computer hosting this service on your network: your computer name or IP address

External Port number for this service: UDP 500

Internal Port number for this service: UDP 500

Once this has been completed, test the connection to make sure it works.
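The same three exceptions can be created from the command line instead of through the dialogs above. The following batch script is an added example and is not part of the original post: it uses the Windows XP SP2 `netsh firewall` context to open the PPTP, L2TP and IKE ports with the same service names used in the article, and then runs the checks worth doing before testing the connection. The `SCOPE` variable is my assumption: `SUBNET` restricts the exceptions to the local subnet, which is enough for the classroom pairing and exposes less than `ALL`; change it to `ALL` only if the peer is on the Internet.

```batch
@echo off
REM Added example, not code from the original post. Run in a command prompt
REM on the XP machine that hosts the incoming connection (administrator account).

REM Assumption: SUBNET is sufficient for a partner on the same LAN.
REM Use ALL when the VPN peer connects from the Internet.
set SCOPE=SUBNET

REM PPTP control channel (TCP 1723), same name as the GUI service entry
netsh firewall add portopening protocol=TCP port=1723 name="Incoming Connection VPN (PPTP)" mode=ENABLE scope=%SCOPE% profile=ALL

REM L2TP (UDP 1701) and the IKE negotiation it depends on (UDP 500)
netsh firewall add portopening protocol=UDP port=1701 name="Incoming Connection VPN (L2TP)" mode=ENABLE scope=%SCOPE% profile=ALL
netsh firewall add portopening protocol=UDP port=500 name="IP Security (IKE)" mode=ENABLE scope=%SCOPE% profile=ALL

REM Checks before testing the connection:
REM 1. the firewall is still enabled (the point is to permit the traffic, not disable the firewall)
netsh firewall show state

REM 2. the three openings exist with the expected protocol, port and scope
netsh firewall show portopening

REM 3. the Incoming Connection is actually listening on the PPTP control port
netstat -an | find ":1723"
```

These openings are global exceptions rather than the per-connection entries the Services tab creates; `netsh firewall add portopening` also accepts an `interface=` parameter if you want to limit an exception to one named connection. Run the script once, then check that `show state` reports the firewall as enabled and that `show portopening` lists exactly the three ports you intended.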

Categories: Security