Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Windows 7 as an IPSec VPN client - firewall configuration

11 Oct 2012   #1
Lea Massiot

Windows 7 Professional SP1 64bit
 
 
Windows 7 as an IPSec VPN client - firewall configuration

Hello,

Thank you for reading my post.

- I have set an ISAKMP/IPSEC VPN tunnel between two Cisco routers C1 and C2.
- M1 is a machine in C1's LAN.
- M2 is a machine in C2's LAN.
- M1 is running "Windows 7".
- M2 is running "Windows XP".

I would like to access M2's shares from M1 and vice versa through the tunnel.

I deactivated both firewalls on M1 and M2.
With these settings, M1 can access M2's shares and vice versa.

Now, if I turn on the firewall on M1, M2 can't access M1's shares anymore.

My question is the following:
what do I have to do in the firewall to have it work properly?

Thank you for your help and best regards.


My System SpecsSystem Spec
.

11 Oct 2012   #2
Kaktussoft

Microsoft Community Contributor Award Recipient

Microsoft Windows 7 Home Premium 64-bits 7601 Multiprocessor Free Service Pack 1
 
 

Now, if I turn on the firewall on M1, M2 can't access M1's shares anymore.
=>So you turned on windows 7 firewall on M1? ths standard win7 firewall?

Can you still PING M1 from M2?
My System SpecsSystem Spec
11 Oct 2012   #3
Kaktussoft

Microsoft Community Contributor Award Recipient

Microsoft Windows 7 Home Premium 64-bits 7601 Multiprocessor Free Service Pack 1
 
 

Quote   Quote: Originally Posted by Lea Massiot View Post
Hello,

Thank you for reading my post.

- I have set an ISAKMP/IPSEC VPN tunnel between two Cisco routers C1 and C2.
- M1 is a machine in C1's LAN.
- M2 is a machine in C2's LAN.
- M1 is running "Windows 7".
- M2 is running "Windows XP".

I would like to access M2's shares from M1 and vice versa through the tunnel.

I deactivated both firewalls on M1 and M2.
With these settings, M1 can access M2's shares and vice versa.

Now, if I turn on the firewall on M1, M2 can't access M1's shares anymore.

My question is the following:
what do I have to do in the firewall to have it work properly?

Thank you for your help and best regards.
So you made a tunnel between 2 cisco routers. Now all computers behind cisco1 and see all computers behind cisco2 and vice versa... correct? No special software is installed on computer itself... correct?

please post screenshot of network centre on win7 machine
My System SpecsSystem Spec
.


11 Oct 2012   #4
Lea Massiot

Windows 7 Professional SP1 64bit
 
 

Thank you for your answer.

Quote:
Can you still PING M1 from M2?
Yes. And vice versa.

Quote:
So you made a tunnel between 2 cisco routers.
Yes.

Quote:
Now all computers behind cisco1 and see all computers behind cisco2 and vice versa... correct?
Yes, but only if the firewalls are turned off.

Quote:
No special software is installed on computer itself... correct?
Correct. No special software is installed on the computers.
My System SpecsSystem Spec
11 Oct 2012   #5
Kaktussoft

Microsoft Community Contributor Award Recipient

Microsoft Windows 7 Home Premium 64-bits 7601 Multiprocessor Free Service Pack 1
 
 

please post screenshot of network centre on Windows 7 machine
My System SpecsSystem Spec
11 Oct 2012   #6
Kaktussoft

Microsoft Community Contributor Award Recipient

Microsoft Windows 7 Home Premium 64-bits 7601 Multiprocessor Free Service Pack 1
 
 

What is ip address of winxp machine and all other machines on that subnet?
192.168.x.0/24 I assume

So 192.168.x.1, 192.168.x.2, 192.168.x.3, 192.168.x.4 etcetera
Correct? if so, what is x?
My System SpecsSystem Spec
15 Oct 2012   #7
Lea Massiot

Windows 7 Professional SP1 64bit
 
 

C1's LAN: 192.168.1.0/24
C2's LAN: 192.168.0.0/24

I've created an Inbound Rule and an Outbound Rule to allow connection through UDP port 500.
Still not working.

BR.
My System SpecsSystem Spec
15 Oct 2012   #8
Kaktussoft

Microsoft Community Contributor Award Recipient

Microsoft Windows 7 Home Premium 64-bits 7601 Multiprocessor Free Service Pack 1
 
 

Quote   Quote: Originally Posted by Lea Massiot View Post
C1's LAN: 192.168.1.0/24
C2's LAN: 192.168.0.0/24

I've created an Inbound Rule and an Outbound Rule to allow connection through UDP port 500.
Still not working.

BR.
Those port you probably found by reading documentation about he tunnel?! It's a tunnel between two csico routers........ pc doens't even know it!! Delete those rules!
My System SpecsSystem Spec
15 Oct 2012   #9
Kaktussoft

Microsoft Community Contributor Award Recipient

Microsoft Windows 7 Home Premium 64-bits 7601 Multiprocessor Free Service Pack 1
 
 

Try this commands in elevated command prompt. These does not only allow file/printer sharing from local subnet but also from 192.168.0.0/24. Use copy/paste to prevent typing errors. 4 commands succeeded succesfully? Problem solved?

Code:
netsh advfirewall firewall set rule name="File and Printer Sharing (NB-Session-In)" new remoteip=192.168.0.0/24,LocalSubnet 
netsh advfirewall firewall set rule name="File and Printer Sharing (NB-Name-In)" new remoteip=192.168.0.0/24,LocalSubnet
netsh advfirewall firewall set rule name="File and Printer Sharing (NB-Datagram-In)" new remoteip=192.168.0.0/24,LocalSubnet
netsh advfirewall firewall set rule name="File and Printer Sharing (Echo Request - ICMPv4-In)" new remoteip=192.168.0.0/24,LocalSubnet
My System SpecsSystem Spec
31 Oct 2012   #10
Lea Massiot

Windows 7 Professional SP1 64bit
 
 

Hello and sorry for the very later answer.
You were right, it totally was a problem of "File and Printer Sharing" permissions scope that had to be extended to the other VPN end subnet.
Thank you.
My System SpecsSystem Spec
Reply

 Windows 7 as an IPSec VPN client - firewall configuration




Thread Tools





Similar help and support threads
Thread Forum
Windows 7 Firewall configuration
I want to know how to configure a custom scope in Windows 7 firewall for only 1 ip address to connect to computer with file and printer sharing. It seems that I can only configure by all or local subnet, not just 1 ip address. Thanks,
System Security
eset firewall and anti virus or whats the best firewall with windows
IS the esset firewall any worth comparied to comando? or outpost or others? I know its mainly a anti virus with built in firewall but does is it worth it? is comando the best?
System Security
Win7 Firewall Controll (Sphynx) - configuration?
Hello, First post on the forum. I've just moved to Win7 from XP after 7 years of XP, and am using MS antivirus and firewall. I've installed Firewall Controll (free) from Sphynx software, but I'm having problems getting it to work correctly. The program catches apps wanting outbound...
System Security
Windows 7 and IPSEC Cisco client 5.0.07.0290 issue
Hello, I am trying to fire up the client after a normal logon but I am receiving the following error from the Cisco IPSEC client: "Error 56: The Cisco Systems, Inc. VPN Service has not been started" My platform is Windows 7 Professional on a Lenovo T400 unit, I tested other versions...
Network & Sharing
Few problems after Firewall Client
Hi I installed Win7 and all was working 100%. Today i loaded Microsoft Firewall Client 4 to be able to use it on my office network. After installing i started to have loads of problems. First it was not booting it gave me a black screen after applying the password. I then booted in safe mode and...
System Security
Firewall configuration rules for Win 7 FW?
Can someone share his configuration rules for the Win 7 FW or is there something like a public shared collection? Some time ago I used Agnitum Outpost Pro and really likes that they had a database behind which suggested rules for many common (and less common) programs. Now I would like to use the...
System Security

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 06:56.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App