Jump to content
Sign in to follow this  
jrothatnd

Using Win XP's Firewall & VPN

Recommended Posts

This only happens with Windows XP computers. Computers with Windows 2000 can be using VPN and get backup without any problem. When my XP users turn on their VPN, Retrospect does not see their computer. I can turn off the XP’s firewall, or I can turn off their VPN session and then Retrospect will see their computer. What is confusing me is the XP Firewall is set with all the default settings. I add Retrospect’s port 497 TCP & UDP in the exceptions tab. Why is XP’s Firewall blocking out Retrospect when VPN is on?

Share this post


Link to post
Share on other sites

Hi

 

What VPN softare are you using? My cisco VPN software blocks local network access so the client will no longer work when its active. Can you connect to the clients via direct IP address when the VPN is running?

 

Thanks

Nate

Share this post


Link to post
Share on other sites

We are running Microsoft’s VPN client. Retrospect can not connect to the client when I type in the IP address. But when I turn off the XP’s firewall everything works fine.

Share this post


Link to post
Share on other sites

Hi

 

Check your firewall settings and make sure that port 497 is open for both UDP and TCP. I would guess that UDP is being blocked right now.

 

One time I had to set the firewall to block port 497 completely, reboot then unblock the ports before it would work.

 

Thanks

Nate

Share this post


Link to post
Share on other sites

I tired opening port 497 (TPC & UDP) on the VPN's connection, but Retrospect still does not see the computers.

 

I should point out that the backup is going through the LAN connection and not the VPN. And when the users turn off their VPN, Retrospect see them.

Share this post


Link to post
Share on other sites

Hi

 

Do you mean you opened port 497 on the firewall? Opening ports on the VPN shouldn't make any difference.

 

Thanks

nate

Share this post


Link to post
Share on other sites

I believe that's how the VPN actually works by design- it creates an encrypted tunnel between the client and your LAN, i.e., the retrospect server is not visible from client's side. However, I thought that the multicast packets should be working.

Share this post


Link to post
Share on other sites

Port 497 is open on the entire Firewall. Since Retrospect can't see the computer only when the VPN is on, I opened port 497 on the VPN connection just incase the XP's Firewall was doing something strange.

Share this post


Link to post
Share on other sites

gkowalsky6 that is exactly correct. The computer has two network connections; the LAN and the VPN. I understand Retrospect won't see the user throught the VPN, but it should see the computer through the LAN connection.

Share this post


Link to post
Share on other sites

Hi

 

VPN connections can cause lots of problems:

 

-They can route all multicast responses to the VPN adapter instead of the local lan.

-They can disallow local network access

-They can impose other firewall rules etc.

 

In short, VPN connections can cause problems with client connectivity. At this point your best bet is to try to bind the client to the local IP address using the command line Retroclient -ip command. Either that or try adding a separate NIC to the machine.

 

Thanks

Nate

Share this post


Link to post
Share on other sites

Nate, I have several computers with this problem, so adding a second NIC is not an option.

 

I am not familiar with the "Retroclient -ip command". How does it work and how should I use it? Can I use it to bind to an Active Directory name instead of an IP?

 

Thank you for all your help.

Share this post


Link to post
Share on other sites

Hi

 

It has to be by IP address. Open up an command line terminal and run \%path to client dir%\retroclient --help for a full list of client options.

 

Thanks

Nate

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×