Using Win XP's Firewall & VPN

[jrothatnd]

This only happens with Windows XP computers. Computers with Windows 2000 can be using VPN and get backup without any problem. When my XP users turn on their VPN, Retrospect does not see their computer. I can turn off the XP’s firewall, or I can turn off their VPN session and then Retrospect will see their computer. What is confusing me is the XP Firewall is set with all the default settings. I add Retrospect’s port 497 TCP & UDP in the exceptions tab. Why is XP’s Firewall blocking out Retrospect when VPN is on?

[natew]

Hi

 

What VPN softare are you using? My cisco VPN software blocks local network access so the client will no longer work when its active. Can you connect to the clients via direct IP address when the VPN is running?

 

Thanks

Nate

[jrothatnd]

We are running Microsoft’s VPN client. Retrospect can not connect to the client when I type in the IP address. But when I turn off the XP’s firewall everything works fine.

[natew]

Hi

 

Check your firewall settings and make sure that port 497 is open for both UDP and TCP. I would guess that UDP is being blocked right now.

 

One time I had to set the firewall to block port 497 completely, reboot then unblock the ports before it would work.

 

Thanks

Nate

[jrothatnd]

I tired opening port 497 (TPC & UDP) on the VPN's connection, but Retrospect still does not see the computers.

 

I should point out that the backup is going through the LAN connection and not the VPN. And when the users turn off their VPN, Retrospect see them.

[natew]

Hi

 

Do you mean you opened port 497 on the firewall? Opening ports on the VPN shouldn't make any difference.

 

Thanks

nate

[gkowalsky6]

I believe that's how the VPN actually works by design- it creates an encrypted tunnel between the client and your LAN, i.e., the retrospect server is not visible from client's side. However, I thought that the multicast packets should be working.

[jrothatnd]

Port 497 is open on the entire Firewall. Since Retrospect can't see the computer only when the VPN is on, I opened port 497 on the VPN connection just incase the XP's Firewall was doing something strange.

[jrothatnd]

gkowalsky6 that is exactly correct. The computer has two network connections; the LAN and the VPN. I understand Retrospect won't see the user throught the VPN, but it should see the computer through the LAN connection.

[natew]

Hi

 

VPN connections can cause lots of problems:

 

-They can route all multicast responses to the VPN adapter instead of the local lan.

-They can disallow local network access

-They can impose other firewall rules etc.

 

In short, VPN connections can cause problems with client connectivity. At this point your best bet is to try to bind the client to the local IP address using the command line Retroclient -ip command. Either that or try adding a separate NIC to the machine.

 

Thanks

Nate

[jrothatnd]

Nate, I have several computers with this problem, so adding a second NIC is not an option.

 

I am not familiar with the "Retroclient -ip command". How does it work and how should I use it? Can I use it to bind to an Active Directory name instead of an IP?

 

Thank you for all your help.

[natew]

Hi

 

It has to be by IP address. Open up an command line terminal and run \%path to client dir%\retroclient --help for a full list of client options.

 

Thanks

Nate