Typically, the default services (ports) for VPN between firewalls are "Any", and this is similar to configuring routers without access-lists in WAN topology (the reason being, all sites are trusted by each other). If, however, you want to tighten down, then you may want to open the following:

Port 42 (TCP & UDP) for WINS Replication
Port 135 (TCP) for RPC Service (endpoint mapper, for Exchange, etc)
Port 137 (UDP) for NetBIOS Name Service *(WINS: TCP/UDP 137)
Port 138 (UDP) for NetBIOS datagram (Netlogon & Browsing)
Port 139 (TCP) for NetBIOS session (NET USE) *(NT Domain: TCP 139)

For Win2k AD domains, you'll need to open up add'l ports for LDAP, GC, etc.

Furthermore, if you want to set up only the corporate site as the internet gateway for all sites, then you'd have to open up DNS, HTTP, etc, also in the VPN policy/rule.

After the initial setup, you'll want to keep an eye on the log of VPN policy/rule to see if you need to open additional port(s).

Randall

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED]
Sent: Wednesday, February 06, 2002 07:12 AM
To: MSWinNT Discussions
Subject: RE: NT ip ports

Hi again, each site will have its own firewall so the vpn will be between them.

Kev

------
You are subscribed as [EMAIL PROTECTED]
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe send a blank email to [EMAIL PROTECTED]
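
One way to follow the log-watching advice in the reply above, as an added example that is not part of the original thread: it applies the port list from the message to flow records and tallies what the tightened VPN rule would drop. The log format, addresses and function names are constructed for illustration and do not come from any firewall product.

```python
from collections import Counter

# Allowlist taken from the port list in the message above.
VPN_ALLOW = {
    ("tcp", 42), ("udp", 42),   # WINS replication
    ("tcp", 135),               # RPC endpoint mapper
    ("udp", 137),               # NetBIOS name service
    ("udp", 138),               # NetBIOS datagram
    ("tcp", 139),               # NetBIOS session
}

# Constructed sample log lines; the key=value format is hypothetical.
SAMPLE_LOG = """\
2002-02-06T07:12:01 src=10.1.0.15 dst=10.2.0.5 proto=tcp dport=139
2002-02-06T07:12:03 src=10.1.0.15 dst=10.2.0.5 proto=tcp dport=389
2002-02-06T07:12:04 src=10.1.0.22 dst=10.2.0.5 proto=udp dport=137
2002-02-06T07:12:09 src=10.1.0.22 dst=10.2.0.5 proto=tcp dport=389
2002-02-06T07:12:11 src=10.1.0.31 dst=10.2.0.9 proto=tcp dport=137
2002-02-06T07:12:15 src=10.1.0.31 dst=10.2.0.9 proto=udp dport=53
garbage line that should be skipped
"""

def parse_line(line):
    """Return (src, proto, dport), or None for lines that do not parse."""
    fields = dict(tok.split("=", 1) for tok in line.split()[1:] if "=" in tok)
    try:
        return fields["src"], fields["proto"].lower(), int(fields["dport"])
    except (KeyError, ValueError):
        return None

def denied_summary(log_text, allow=VPN_ALLOW):
    """List (proto, dport), hit count and sources for flows the allowlist drops."""
    hits, sources = Counter(), {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        src, proto, dport = rec
        if (proto, dport) not in allow:  # match on protocol and port together
            hits[(proto, dport)] += 1
            sources.setdefault((proto, dport), set()).add(src)
    return [(key, n, sorted(sources[key])) for key, n in hits.most_common()]

if __name__ == "__main__":
    for (proto, dport), n, srcs in denied_summary(SAMPLE_LOG):
        print(f"{proto}/{dport}: {n} denied, from {', '.join(srcs)}")
```

In the constructed sample, TCP 389 (LDAP) is the most frequently dropped port, which is the kind of entry the Win2k AD remark in the reply anticipates.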
