NIS 2009 - turn off Smart Firewall to enable the VPN Server to work

Setup:

Windows XP Professional

NIS 2009 runs on this PC.

Set up this PC as the VPN Server using the XP's VPN Server software

Created a rule to open TCP & UDP port 1723 within the General Rule section and put this rule at the top of the list.

 

VPN client is Windows XP VPN Client.

 

At the Client end, I can connect to the VPN Server.  I can transfer files from the Server end OK.  However, the connection only stays up for 3 or 4 minutes and it drops out.  I tried several times and got the same result.

If I turned off the Smart Firewall at the Server end, the connection stays up without problem.  Obviously, I don't want to turn off the Firewall.  It would appear the problem is something to do with the Smart Firewall at the Server end.  I have searched through the postings in this forum related to VPN setup but could not find any definitive answer.  I have opened additional ports 500, 50, 51, 137-139 but it made no difference.  I'd appreciate any help to solve this problem.

Hi ringoffire:

 

We may not have a VPN expert until much later in the day.  In the meantime, check in the history in Norton to see if anything is being blocked.  It would seem that if a connection is made, for whatever period of time, the connection itself is successful.  There may be some other port that needs to be allowed, or some use of the server that is triggering a closure of a port.

 

Also check the network map to see if each machine that is accessing the VPN is visible in the map and set the trust to full trust.

 

Let us know if you find anything in those two areas.

Taken from a post of dbrisendine (guru):

"Go to View Network Security Map > Network Details and choose Trust Control from the drop down box.  Then click on the [+] sign to add a device to Trust Control.  Enter the address for the VPN host you are connecting to and then click Add Device. Close the Network Map and then try your VPN again.  Let us know the results."


Please try the above steps. If the problem persists, try turning off the Stealth Blocked Ports.

I have solved the problem by turning off the "Stealth Blocked Ports" option.

 

The final firewall configuration is:

  1. Default firewall configuration
  2. Create a rule to open TCP & UDP port 1723 and put this rule at the top of the list.
  3. Disable "Stealth Blocked Ports" option.

Thanks for your help.