VPN Issues


micklow
16-08-2003, 08:11 PM
G'day

Have just joined Swiftel this week, and am using the connection to VPN into work using a proprietary product.

I can ping any of my servers at work over the vpn link, and can browse a network share when mapped via \\192.168.0.x\Sharename.

My problem is this - Until the handover from another ISP I was able to use XP's remote desktop connection to connect to any one of about 5 win2k terminal servers. This no longer the case.

Have patched each of those servers for the Blaster worm. Does this patch prevent remote access? I can connect using terminal services at work but not from home?

Does any port filtering happen on the swiftel link?

Any suggestions are most appreciated

Thanks

Mick
16-08-2003, 08:40 PM
The problem is definitely not caused by swiftel or any other internet carrier - your vpn tunnel will be crossing the internet on one or two ports / protocols (it encapsulates your traffic so the ports you send your traffic on are not seen) and would either work or not work. If swiftel or any of the other ISPs between yourself and your work were filtering you would not be able to establish your vpn tunnel at all.

I'm not sure about the blaster patch affecting your netbios browsing / mapping but I know that our work has been increasing the number of ports that we block on our remote access services since blaster has been bouncing around and that included blocking the netbios ports that you need for mapping a drive.

I'd check with your network / security people at work to see if they have blocked the tcp/139 port (needed for microsoft drive mapping) for vpn users.

Looking at the security advisories out there for blaster they are recommending that people block tcp/139

http://www.ciac.org/ciac/bulletins/n-133.shtml

Taa,
Michael.

DSL_Tech
16-08-2003, 09:00 PM
Originally posted by micklow
My problem is this - Until the handover from another ISP I was able to use XP's remote desktop connection to connect to any one of about 5 win2k terminal servers. This no longer the case.

Does any port filtering happen on the swiftel link?


If it helps I can tell you that we use XP and 2K remote desktop extensively ourselves across our ADSL network - this post is an example.

Also, there is absolutely no port filtering whatsoever.

Pepe
17-08-2003, 09:01 PM
I am using remote desktop everyday.
No problems here

markbur
18-08-2003, 01:59 PM
Maybe it's a matter of forwarding the right ports on your modem, if it's an NB1300 or if it doesn't automatically forward all ports. You might be able to get "out" but not back in, if the modem is not forwarding the right ports. Do you know what port numbers XP uses for its remote desktop thing?

BTW, FYI I use "Remote Administrator" on Win2000 for the same purpose - it rocks. Also you can choose what port it listens on, so I set mine to use something up over 10,000. Much safer.

http://www.radmin.com/

Cheap and very powerful. Highly recommended.

Pepe
18-08-2003, 02:06 PM
I'm not sure if this information will help but I'll post it here anyway

I use a billion 741GE Modem Router

The router is configured as the host
I am using Winxp PPTP client

I have NOT had to forward any ports

When I turned the firewall on I then had to open

1723 in and out

Raw port/protocol 47 out (I think this one is GRE) whatever that is

Hope that info helps

Sorry I can't be of any more help

Pepe

micklow
18-08-2003, 05:45 PM
Thanks for all the suggestions, I will go and have a play with the router and let you know. I would have thought that any outgoing traffic would automatically return?

The strange thing is that I have an active VPN link, I can ping the Terminal server with an IP address on the remote LAN (192.168.0.9), I just can't connect using Remote Desktop

Cheers

markbur
21-08-2003, 01:53 PM
"I would have thought that any outgoing traffic would automatically return? "

I'm not an expert, but I'm basing this idea on the following: You can browse other web servers, which means they are sending you data from their port 80 (normally). However, data from your machine's port 80 will NOT go out over an NB1300 unless you turn on port forwarding for that port.

So you can send a request to port 80 and get a response, but a request to your port 80 will be stopped (firewalled) at the modem.

So, maybe this is happening on other ports as well, hence you get some functionality (as per your description) but not other bits (eg remote desktop) - consult the remote desktop doco and see if it tells you what ports it uses.

hayden
16-09-2003, 11:16 AM
I am having the same issues. I have been connected since yesterday.

Did you find a solution?

I can connect up to the vpn no problem using pptp.
When I go to access the exchange server or remote desktop (terminal server) it times out. I can ping the servers I want no problem.

This works fine with all of my other internet connections.
I have been using dial up and a cable connection fine for over a year.
As soon as I dial in to telstra or other, I establish the vpn and then I have full access to everything.

If it helps I am using a netcomm NB1300 in bridged mode and a netcomm NB5540 router for the connection. ( pptp passthrough has been enabled)

Any suggestions?

Cheers
H.

Support
16-09-2003, 01:42 PM
The best way to test this using the Netcomm NB1300 would be:

1. Set the modem in bridge mode (thus doing away with NAT and port blocking) and using Windows XP to dial the connection. Here the ip address will be picked up on your PC's NIC instead of the router's WAN interface and this should allow you to connect to your remote desktop, so long as the other end is of course configured similarly without any ports being blocked.

OR

2. Use the modem in routed mode (Bridge mode disabled) and setting up Port Forwarding on port 3389 from the WAN interface of the router to your LAN ip (eg 192.168.1.2). Please note that when people are trying to connect to you via the remote desktop, they cannot use the private ip address of the PC (since it's not visible on the internet) but they must use the real static ip address assigned to your account.

For further info on remote desktop you can lookup Microsoft's FAQ page:

http://www.microsoft.com/windowsxp/remotedesktop/faq.asp

Sadin
16-09-2003, 03:03 PM
I think the problem here is a MTU issue... I had the same occur when I churned from bigpond.

Try lowering MTU on the client and trying again. That probably explains why you can ping the machine ok, but can't connect using remote desktop. You can use Dr.TCP to set the MTU (just search google for it)

Before doing anything try pinging the other end with an increasing packet size. Start at 1400 and increase by 10, then narrow down. (it's the -l option of ping)
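The "ping with a growing packet size, then narrow down" check that Sadin describes is the classic way to find the path MTU through a tunnel, and it explains the symptom in this thread: small packets (ping, name resolution) get through, but a TCP session that fills the MTU stalls. Below is an added example, not code from anyone in the thread, that automates the narrowing-down as a binary search over the ICMP payload size and converts the result into an MTU value you can set on the client. It assumes a system `ping` that can set the Don't Fragment flag and the payload size (`-f -l` on Windows, `-M do -s` on Linux iputils), and it uses 192.168.0.9 purely because that is the address micklow mentions; substitute your own far-end host.

```python
import platform
import subprocess
from typing import Callable

# An ICMP echo request adds a 20-byte IPv4 header and an 8-byte ICMP header
# on top of the payload, so MTU = largest unfragmented payload + 28.
ICMP_OVERHEAD = 28


def os_ping_probe(host: str, payload: int, timeout_s: int = 2) -> bool:
    """Send one DF-flagged echo request with `payload` data bytes.

    Returns True only if a real reply came back (the reply line contains
    'TTL='); a "needs to be fragmented" error or a timeout counts as False.
    Flags are the documented ones for Windows ping and Linux iputils ping;
    on other platforms adjust the command line.
    """
    if platform.system() == "Windows":
        cmd = ["ping", "-f", "-l", str(payload), "-n", "1",
               "-w", str(timeout_s * 1000), host]
    else:
        cmd = ["ping", "-M", "do", "-s", str(payload), "-c", "1",
               "-W", str(timeout_s), host]
    try:
        out = subprocess.run(cmd, capture_output=True, timeout=timeout_s + 3).stdout
    except (subprocess.TimeoutExpired, FileNotFoundError):
        return False
    return b"ttl=" in out.lower()


def largest_unfragmented_payload(probe: Callable[[int], bool],
                                 low: int = 1000, high: int = 1472) -> int:
    """Binary-search the largest payload that `probe` can deliver unfragmented.

    `low` is a size expected to work (1000 is safe on almost any link) and
    `high` is the ceiling to test (1472 = 1500-byte Ethernet MTU minus 28).
    Returns 0 if even `low` fails, which means the problem is not MTU.
    """
    if not probe(low):
        return 0
    if probe(high):
        return high
    # Invariant: probe(low) succeeded, probe(high) failed.
    while high - low > 1:
        mid = (low + high) // 2
        if probe(mid):
            low = mid
        else:
            high = mid
    return low


def path_mtu_from_payload(payload: int) -> int:
    """Largest IP packet the path carries whole, as a value for the client's MTU setting."""
    return payload + ICMP_OVERHEAD if payload > 0 else 0


def discover_path_mtu(host: str) -> int:
    """Run the probe against a live host and report the usable MTU (0 = undetermined)."""
    return path_mtu_from_payload(
        largest_unfragmented_payload(lambda size: os_ping_probe(host, size)))


if __name__ == "__main__":
    # 192.168.0.9 is the Terminal server address quoted in the thread; replace it.
    mtu = discover_path_mtu("192.168.0.9")
    if mtu:
        print(f"path MTU to far end is {mtu}; set the client MTU at or below this")
    else:
        print("even a 1000-byte payload failed: look beyond MTU (routing, filtering)")
```

A PPTP tunnel typically costs around 40 to 60 bytes of GRE and PPP overhead, so on a 1500-byte line a result near 1400 to 1460 is normal; setting the client's MTU to the discovered value (with Dr.TCP or the registry, as Sadin suggests) stops the tunnel from silently dropping full-size segments, which is exactly the "ping works, RDP hangs" pattern reported above.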