We use a DSL line in our office for Internet connectivity. The DSL line connects to a Windows XP PC running Internet Connection Firewall (ICF) Recently, we decided that we needed access to the network from outside the office, so we setup a Virtual Private Network (VPN) connection using a Point-to-Point Tunneling Protocol (PPTP) server.
The VPN appears to be configured correctly, but we couldn't access the network. I disabled ICF and to my surprise I could access the VPN server. This leads me to believe that there's an incompatibility between our PPTP server and Windows XP. I don't feel comfortable having an open Internet connection without a firewall, but it's important that we have access to the VPN. Do you have any suggestions as to what I should do next? Thanks!
A firewall protects your network from unauthorized access by monitoring the traffic coming into your network. All Internet traffic is based on the TCP/IP protocol, and that traffic travels through various ports on your network. For example, standard Internet traffic or HTTP uses port 80, FTP uses port 21 and Telnet uses port 23. These ports have been predefined in ICF to allow this traffic to safely pass into the network. This type of configuration is typically referred to as a Rule.
If you have a PPTP server on your internal network that you want to access from outside of your network, you have to open the ports in ICF to allow VPN traffic onto the PPTP server. You do this by adding a Service to the ICS Services List. The Services List contains information on the service type, the related TCP or UCP ports and the IP address of the host system.
To configure ICS to accept PPTP traffic, you first need to know the ports over which the traffic will travel. A typical PPTP connection consists of two types of traffic: PPTP traffic (TCP port 1723) establishes and maintains the connection, while Generic Route Encapsulation (GRE ) (port 47) encapsulates the actual data that passes between the two endpoints. (If you were using IPSec instead of PPTP, the port numbers would change to 500, 50 and 51.) You'll find detailed, step-by-step instructions on configuring Windows XP ICS for an internal PPTP server in the Microsoft Knowledge Base.
|Do you have a comment or question about this article or other small business topics in general? Speak out in the SmallBusinessComputing.com Forums. Join the discussion today!|