
Domain Traffic - Which Firewall Ports?

Discussion in 'Windows Home Server' started by K, Oct 12, 2009.

  1. K

    K Guest

    I have a secure site-to-site VPN but when it was set up we locked down all
    the ports on the firewalls either end to ensure only traffic we wanted was
    going over it.

    We now want to open it up (as link speeds have increased) so that domain PCs
    (XP Pro SP3) at site can connect back to the DCs at head office (2003 SP2)
    as members of the domain - ie. using domain logon, getting their network
    drives and logon scripts, group policy enforcement etc.

    Speed is not an issue, I just don't know which ports are necessary to open
    and don't want to just open everything.

    Thank you
     
  2. Bill Grant

    Bill Grant Guest

    "Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message
    news:6cb2911d75918cc194c14c84a05@msnews.microsoft.com...
    > Hello K,
    >
    > See here:
    >
    > Best regards
    >
    > Meinolf Weber
    > Disclaimer: This posting is provided "AS IS" with no warranties, and
    > confers no rights.
    > ** Please do NOT email, only reply to Newsgroups
    > ** HELP us help YOU!!!

    >
    >> I have a secure site-to-site VPN but when it was set up we locked down
    >> all the ports on the firewalls either end to ensure only traffic we
    >> wanted was going over it.
    >>
    >> We now want to open it up (as link speeds have increased) so that
    >> domain PCs (XP Pro SP3) at site can connect back to the DCs at head
    >> office (2003 SP2) as members of the domain - ie. using domain logon,
    >> getting their network drives and logon scripts, group policy
    >> enforcement etc.
    >>
    >> Speed is not an issue, I just don't know which ports are necessary to
    >> open and don't want to just open everything.
    >>
    >> Thank you
    >

    Have you tried it without making any changes? Where did you set these
    filters?

    If they were set on the gateway router they have little or no effect on
    VPN traffic. When the VPN traffic goes through the gateway router/firewall
    it is encrypted and encapsulated. All the firewall sees is the PPTP or
    IPSec header. It can't see the actual TCP headers.
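
The point made in the reply above, as an added example that is not part of the original thread: a port filter applied to the inner packet and to the same packet after tunnel encapsulation. The addresses, the SPI, the denied port (445, SMB) and the XOR standing in for ESP encryption are all constructed for illustration.

```python
import struct

ESP, TCP, UDP = 50, 6, 17          # IANA IP protocol numbers
DENY_TCP = {445}                   # constructed rule: block SMB

def ipv4(proto, src, dst, payload):
    """Build a minimal IPv4 packet (checksum left at 0; only parsed here)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, bytes(src), bytes(dst))
    return hdr + payload

def tcp(sport, dport):
    """Build a bare 20-byte TCP SYN header, no options or data."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0)

def esp_tunnel(inner, gw_src, gw_dst):
    """Wrap a whole inner packet in an ESP-shaped outer packet.
    The XOR is a stand-in for encryption, not real IPsec."""
    body = struct.pack("!II", 0x1000, 1) + bytes(b ^ 0x5A for b in inner)
    return ipv4(ESP, gw_src, gw_dst, body)

def visible_to_filter(packet):
    """Return (protocol, dst_port) as a port filter reading this packet sees it.
    dst_port is None when the IP payload is not TCP/UDP (e.g. ESP)."""
    ihl = (packet[0] & 0x0F) * 4
    proto = packet[9]
    if proto in (TCP, UDP):
        return proto, struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    return proto, None

def blocked(packet, denied_tcp_ports):
    """Apply a 'deny TCP destination port' rule to the headers that are visible."""
    proto, dport = visible_to_filter(packet)
    return proto == TCP and dport in denied_tcp_ports

# Constructed sample: branch PC -> head-office server, then the same packet
# as it leaves the branch gateway inside the tunnel.
INNER = ipv4(TCP, (10, 1, 0, 20), (10, 0, 0, 5), tcp(49152, 445))
OUTER = esp_tunnel(INNER, (192, 0, 2, 1), (198, 51, 100, 1))

if __name__ == "__main__":
    print("inner:", visible_to_filter(INNER), "blocked:", blocked(INNER, DENY_TCP))
    print("outer:", visible_to_filter(OUTER), "blocked:", blocked(OUTER, DENY_TCP))
```

A port rule only takes effect where the filter can read the inner headers, that is, on the tunnel endpoint or behind it after decapsulation.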
     
