How do I enable tcp port 1723 and GRE protocol (IP protocol 47)? I have searched and read some topics but I’m still not sure how to do this.
My problem is, my VPN won’t connect unless I disable the firewall. I have set the program as a trusted one, but still a no go. I have contacted the VPN provider, and they told me to enable tcp port 1723 and GRE protocol (IP protocol 47). Once I connect to the vpn after disabling the firewall, I am able to then enable the firewall and browse just fine on the VPN. It just won’t let me connect to it with the firewall enabled. I have had view active connections open while trying to connect and don’t see anything happening. I need someone who is willing to do a step by step with me to get this configured correctly as most of what I have read isn’t making much sense.
I am running 3.8.65951.477 and have winXP version 2002 SP2, connecting via a cable modem and router.
To open the port TCP 1723
Firewall → Advanced → Network Security policy → Global Rules → Add → fill in the following:
Action: Allow
Protocol: TCP
Direction: In
Description: Incoming Port VPN
Source address: Any
Destination Address: Choose MAC address, Single IP (only when it is fixed) or Host Name
Source Port: Any
Destination Port: 1723
Then push Apply → Ok.
For GRE:
Action: Allow
Protocol: IP
Direction: In
Description: GRE traffic
Source Address: Any
Destination Address: like you filled in before
IP details: GRE
Apply → Ok.
For the GRE rule, it’s the same right? Firewall → Advanced → Network Security policy → Global Rules → Add…
I did this and it’s not working… I tried viewing the active connections while trying to connect to the vpn but nothing pops up at all. Still getting error 800. I’ll try rebooting to see if it helps…
Indeed. One thing I forgot to mention is that after adding the new global rules you need to check whether they are above the basic block rule (can be recognised by the red icon). Otherwise they don’t work.
I have no experience in the VPN field but will try with common sense. What happens when you make the VPN program a Trusted Application in the Firewall and in Defense+?
When the above doesn’t work can you show me a screenshot of your Global Rules and of the Firewall logs?
I moved the rules up above the basic block rule before exiting… I don’t think I have made it a trusted app in the Defense side… I will do that now… and if this doesn’t work then I will post the screen shots… BRB… Please hang with me I would like to get this running correctly today :-TU
Adding this to the trusted apps on the Defense+ side has made this work correctly!! I’m glad you mentioned that because I had only added it as trusted on the Firewall side!! :-TU Thanks for your help!!
Firewalls confuse me and I needed this help!! Peace out!! ;D
You learned a few important basics today… :-TU
Actually, I just realized I didn’t have the firewall enabled when I tried to connect the VPN, so of course it connected. I should have known it wasn’t on the Defense+ side, as I don’t have to disable the Defense+ module to get the vpn to connect, I just have to disable the Firewall, then connect, then re-enable the firewall. So it’s back to the drawing board for me… Any other suggestions???
Are you sure you need to first turn off the firewall to get VPN to work and then you can safely put the firewall back on? That is surprising to me. Could you try to reboot your computer and then start the VPN with the firewall switched on? (It is odd as we have the rules in place the VPN provider requested.)
When this doesn’t help can you show me a screenshot of your Global Rules and the application rules for your VPN client?
Yes, the VPN will only connect if I first disable the firewall, and will still work AFTER re-enabling the firewall. I have rebooted several times, I have had this problem for a couple of weeks now. I will post the global rules now, and would ask of you to tell me exactly where to go for the app rules you are looking for?
Thanks for the Help! :-TU
When you try firing up the vpn with the firewall enabled do you get anything in the firewall logs?
Firewall/view firewall events/more
I think I see where things may go wrong. In the rules for the port and GRE protocol the destination address needs to be of your computer. When you have a fixed internal IP address you can fill in this. Or use the host name of your computer or the MAC address of your NIC.
Let us know how it goes.
How do I go about finding out which one I need to use to fill in?? Also, to reply to what Matty_R has asked, I have attached a pic of the firewall log. I have a system file blocked. If you will notice, it is trying to connect ALL THE TIME. I blocked it for that reason. I did notice that it did try to connect while I was trying to connect the vpn with the firewall on. Not sure if it’s causing a problem or not. System was trying to connect on its own while I was asleep, and the vpn wasn’t trying to be connected at that time. Anyway, I would like to UNblock the system file, if you guys think it’s safe, and see if that helps.
I will upload an app rule pic also.
Thanks!
P.S.
I think I see where to unblock the system file, in the app rules, but would like to ask you guys if that is where I do it to save further problems.
Thanks again!
I am not going to focus on the Firewall log right now. Most of it is modem/router chatter we can deal with later.
With regard to the Global Rules. It is up to you how you identify your computer as destination address. When you have a fixed internal IP address you can use the IP address of your computer. Otherwise use Host Name (the name of your computer in a network) or MAC address.
To find the MAC address of your network card go to Start → Run → type cmd in the run box → enter → now type “ipconfig /all” without the quotes → enter → browse through the list and look up the network connector you are using → write down the MAC address. Now you can fill in the MAC address in the Global Rules.
I browsed through your Application rules and saw that you made a rule for the shortcut to Strong VPN (Strong VPN.lnk) instead of the executable of Strong VPN. Also I see Torrent Freedom Client VPN. What VPN client are you using?
It d
I’m using the Strong vpn, the torrent freedom was Crapola. :-TD I will get busy trying what you have suggested and will get back with you… Thanks…
There is nothing there in the results that specifically says “Mac Address”. I have uploaded the results of the CMD in dos so you can see. I have intentionally hidden the IP addy’s etc for my own protection.
Hope this helps.
Thanks!
My bad here. MAC address is called Physical Address in Windows… 88)
OK, I redid the rules with the MAC address update and that didn’t help. What did do the trick, however, was to delete the block rule for the “System” file that was blocked. I deleted the rule, tried to connect, and it connected. So I’m connecting now… not sure about the speed I now have on vpn but I will wait to pass judgement on that for a few days and see how things go. Thanks Eric for all the help you have given!
:-TU
I totally overlooked the System rule; it doesn’t need to be blocked.
In my own set up it is set to custom. As you can see it reflects the trusted network zones I made under Global Rules (I used the Stealth ports wizard to add the trusted network zones).
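The two failure causes that came up in this thread (allow rules sitting below the block rule, and a block rule on System) can be reproduced with a small first-match model. This is an added example, not part of any post and not Comodo's code; it assumes inbound traffic is checked against the Global Rules first and then against the owning application's rules, and that GRE is attributed to the System process. The `Rule` class and the packet dictionaries are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

TCP, GRE = 6, 47  # IP protocol numbers

@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "block"
    proto: Optional[int] = None  # None = any protocol
    dport: Optional[int] = None  # None = any destination port

    def matches(self, pkt: dict) -> bool:
        return (self.proto in (None, pkt["proto"])
                and self.dport in (None, pkt.get("dport")))

def first_match(rules, pkt, default="block"):
    """Walk the rules top-down; the first matching rule decides."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default

def inbound_verdict(global_rules, app_rules, pkt):
    """Assumed order for inbound traffic: global rules, then application rules."""
    if first_match(global_rules, pkt) == "block":
        return "blocked by global rules"
    if first_match(app_rules.get(pkt["app"], []), pkt, default="allow") == "block":
        return "blocked by application rule for " + pkt["app"]
    return "allowed"

ALLOW_PPTP = Rule("allow", TCP, 1723)
ALLOW_GRE = Rule("allow", GRE)
BLOCK_ALL = Rule("block")

# Constructed sample packet: inbound GRE, assumed to be owned by "System"
gre_in = {"proto": GRE, "app": "System"}

def scenarios():
    below = [BLOCK_ALL, ALLOW_PPTP, ALLOW_GRE]   # allow rules under the block rule
    above = [ALLOW_PPTP, ALLOW_GRE, BLOCK_ALL]   # allow rules moved up
    system_blocked = {"System": [Rule("block")]}
    return {
        "allow rules below block rule": inbound_verdict(below, {}, gre_in),
        "allow rules above, System blocked": inbound_verdict(above, system_blocked, gre_in),
        "allow rules above, System rule removed": inbound_verdict(above, {}, gre_in),
    }

if __name__ == "__main__":
    for name, verdict in scenarios().items():
        print(f"{name}: {verdict}")
```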