• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Domain Traffic - Which Firewall Ports?

#1
I have a secure site-to-site VPN but when it was set up we locked down all
the ports on the firewalls either end to ensure only traffic we wanted was
going over it.

We now want to open it up (as link speeds have increased) so that domain PCs
(XP Pro SP3) at site can connect back to the DCs at head office (2003 SP2)
as members of the domain - ie. using domain logon, getting their network
drives and logon scripts, group policy enforcement etc.

Speed is not an issue, I just don't know which ports are necessary to open
and don't want to just open everything.

Thank you
 

My Computer

M

Meinolf Weber [MVP-DS]

#2
Hello K,

See here:
http://support.microsoft.com/kb/555381

http://support.microsoft.com/kb/179442/

http://www.microsoft.com/downloads/...46-43F0-4CAF-9767-A9166368434E&displaylang=en

http://technet.microsoft.com/en-us/library/bb125069(EXCHG.65).aspx

http://technet.microsoft.com/en-us/library/bb727063.aspx

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> I have a secure site-to-site VPN but when it was set up we locked down
> all the ports on the firewalls either end to ensure only traffic we
> wanted was going over it.
>
> We now want to open it up (as link speeds have increased) so that
> domain PCs (XP Pro SP3) at site can connect back to the DCs at head
> office (2003 SP2) as members of the domain - ie. using domain logon,
> getting their network drives and logon scripts, group policy
> enforcement etc.
>
> Speed is not an issue, I just don't know which ports are necessary to
> open and don't want to just open everything.
>
> Thank you
>
 

My Computer

B

Bill Grant

#3
"Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message
news:6cb2911d75918cc194c14c84a05@newsgroup

> Hello K,
>
> See here:
> http://support.microsoft.com/kb/555381
>
> http://support.microsoft.com/kb/179442/
>
> http://www.microsoft.com/downloads/...46-43F0-4CAF-9767-A9166368434E&displaylang=en
>
> http://technet.microsoft.com/en-us/library/bb125069(EXCHG.65).aspx
>
> http://technet.microsoft.com/en-us/library/bb727063.aspx
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>

>> I have a secure site-to-site VPN but when it was set up we locked down
>> all the ports on the firewalls either end to ensure only traffic we
>> wanted was going over it.
>>
>> We now want to open it up (as link speeds have increased) so that
>> domain PCs (XP Pro SP3) at site can connect back to the DCs at head
>> office (2003 SP2) as members of the domain - ie. using domain logon,
>> getting their network drives and logon scripts, group policy
>> enforcement etc.
>>
>> Speed is not an issue, I just don't know which ports are necessary to
>> open and don't want to just open everything.
>>
>> Thank you
>>
>
>
Have you tried it without making any changes? Where did you set these
filters?

If they were set on the gateway router they have little or no effect on
VPN traffic. When the VPN traffic goes through the gateway router/firewall
it is encrypted and encapsulated. All the the firewall sees is the PPTP or
IPSec header. It can't see the actual TCP headers.
 

My Computer

Users Who Are Viewing This Thread (Users: 1, Guests: 0)