SP1 breakes VPN RRAS Server

Have a problem with a Windows 2003 VPN RRAS Server. RRAS is configured as
"VPN Remote Access Server only", allowing only IPSEC/L2TP inbound
connections and enabling the Basic Firewall (without NAT) on the public
interface.

The server works fine, until SP1 installation. After that, the VPN Server
doesn't accept inbound connections anymore. Have found that the problem is
releated to the Basic RRAS Firewall. When removing the public interface from
the "NAT/Basic Firewall" category, the VPN Server accepts inbound
connections. But when adding the public interface to the "NAT/Basic
firewall" category, the server doesn't accept inbound connections anymore,
even when adding inbound and outbound filter rules that allow connections
from any to any over any protocol, and enabling all ICMP protocol rules.
It's also not possible to ping the external interface from a external
client.

When removing the public interface from "NAT/Basic firewall", inbound
connections work fine. Inbound connections also work fine when removing SP1,
with enabled firewalled public interface. Have installed SP1 tcp/ip hotfix
898060, no success. It's not a problem particular to one machine, I was able
to reproduce the problem with two virtual machines on my Notebook.

Thanks all in advance for any help or advice
Franz

"when adding the public interface to the "NAT/Basic
firewall" category, the server doesn't accept inbound connections anymore,
even when adding inbound and outbound filter rules that allow connections
from any to any over any protocol" Have you check the port services? Or do a simple test to telnet port 1723.

Bob Lin, MS-MVP, MCSE & CNE
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
"Franz Schenk" <franz.schenkNOSPAM@fititNO-_SPAM.ch> wrote in message news:eXOI$(E-Mail Removed)...
Have a problem with a Windows 2003 VPN RRAS Server. RRAS is configured as
"VPN Remote Access Server only", allowing only IPSEC/L2TP inbound
connections and enabling the Basic Firewall (without NAT) on the public
interface.

The server works fine, until SP1 installation. After that, the VPN Server
doesn't accept inbound connections anymore. Have found that the problem is
releated to the Basic RRAS Firewall. When removing the public interface from
the "NAT/Basic Firewall" category, the VPN Server accepts inbound
connections. But when adding the public interface to the "NAT/Basic
firewall" category, the server doesn't accept inbound connections anymore,
even when adding inbound and outbound filter rules that allow connections
from any to any over any protocol, and enabling all ICMP protocol rules.
It's also not possible to ping the external interface from a external
client.

When removing the public interface from "NAT/Basic firewall", inbound
connections work fine. Inbound connections also work fine when removing SP1,
with enabled firewalled public interface. Have installed SP1 tcp/ip hotfix
898060, no success. It's not a problem particular to one machine, I was able
to reproduce the problem with two virtual machines on my Notebook.

Thanks all in advance for any help or advice
Franz

- The port services for PPTP and L2TP gateway, as well for IKE Security are open. And it's like I wrote in the previous message: The VPN server doesn't accept any connection to the firewalled interface over any protocol, including a telnet session to this interface over PPTP port 2723 (the connection fails).

- Have also installed Hotfix 897651, doesn't solve the problem as well.

Thank you all in advance for any further advice
Franz
"Robert L [MS-MVP]" <(E-Mail Removed)> schrieb im Newsbeitrag news:%(E-Mail Removed)...
"when adding the public interface to the "NAT/Basic
firewall" category, the server doesn't accept inbound connections anymore,
even when adding inbound and outbound filter rules that allow connections
from any to any over any protocol" Have you check the port services? Or do a simple test to telnet port 1723.

Bob Lin, MS-MVP, MCSE & CNE
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
"Franz Schenk" <franz.schenkNOSPAM@fititNO-_SPAM.ch> wrote in message news:eXOI$(E-Mail Removed)...
Have a problem with a Windows 2003 VPN RRAS Server. RRAS is configured as
"VPN Remote Access Server only", allowing only IPSEC/L2TP inbound
connections and enabling the Basic Firewall (without NAT) on the public
interface.

The server works fine, until SP1 installation. After that, the VPN Server
doesn't accept inbound connections anymore. Have found that the problem is
releated to the Basic RRAS Firewall. When removing the public interface from
the "NAT/Basic Firewall" category, the VPN Server accepts inbound
connections. But when adding the public interface to the "NAT/Basic
firewall" category, the server doesn't accept inbound connections anymore,
even when adding inbound and outbound filter rules that allow connections
from any to any over any protocol, and enabling all ICMP protocol rules.
It's also not possible to ping the external interface from a external
client.

When removing the public interface from "NAT/Basic firewall", inbound
connections work fine. Inbound connections also work fine when removing SP1,
with enabled firewalled public interface. Have installed SP1 tcp/ip hotfix
898060, no success. It's not a problem particular to one machine, I was able
to reproduce the problem with two virtual machines on my Notebook.

Thanks all in advance for any help or advice
Franz