This could be the problem: "added the external network interface with the 'Basic Firewall Only' button checked". Or check Public interface connected to the Internet, or configure an inbound filter under Basic firewall only.
Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com
<(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
Hi, I'm trying to set up what should be a very simple configuration.
- Windows Server 2003
- VPN access to the server
- No NAT required (no internal clients)
- Basic Firewall blocking all access except the VPN and Remote Desktop
On the first attempt I used the wizard with default settings for remote
access and basic firewall. Unfortunately, this locked me out because
the default configuration is to deny all access and I do not have
physical access to the machine. My hosting service disabled the
routing and remote access server for me so now I'm trying to do it
manually step-by-step.
I have enabled remote access to use an address range. I am now able to
connect to the VPN and access the server via its internal address in
this range.
My remaining task is to secure the server with Basic Firewall. I added
the NAT/Basic Firewall and added the external network interface with
the "Basic Firewall Only" button checked. I then used the "Services
and Ports" tab to enable the VPN Gateway and Remote Desktop, directing
them to the server's internal address. I have tried leaving the
address pool empty and also filling it with the addresses of the
external interface (it has 3).
The problem is that the basic firewall does not seem to be blocking any
traffic at all. I can still access the web server through the external
interface. I am sure the wizard must be setting up some additional
thing that I am missing. Can anyone help?
My event log shows one interesting error from ipnathlp:
The Network Address Translator (NAT) was unable to request an operation
of the kernel-mode translation module. This may indicate
misconfiguration, insufficient resources, or an internal error. The
data is the error code. 0000: 1f 00 00 00
Thanks,
Jeff Loomis