Windows 7 as an IPSec VPN client - firewall configuration


  1. Posts : 26
    Windows 7 Professional SP1 64bit
       #1


    Hello,

    Thank you for reading my post.

    - I have set an ISAKMP/IPSEC VPN tunnel between two Cisco routers C1 and C2.
    - M1 is a machine in C1's LAN.
    - M2 is a machine in C2's LAN.
    - M1 is running "Windows 7".
    - M2 is running "Windows XP".

    I would like to access M2's shares from M1 and vice versa through the tunnel.

    I deactivated both firewalls on M1 and M2.
    With these settings, M1 can access M2's shares and vice versa.

    Now, if I turn on the firewall on M1, M2 can't access M1's shares anymore.

    My question is the following:
    what do I have to do in the firewall to have it work properly?

    Thank you for your help and best regards.


  2. Posts : 10,796
    Microsoft Windows 7 Home Premium 64-bits 7601 Multiprocessor Free Service Pack 1
       #2

    Now, if I turn on the firewall on M1, M2 can't access M1's shares anymore.
    => So you turned on the Windows 7 firewall on M1? The standard Win7 firewall?

    Can you still PING M1 from M2?


  3. Posts : 10,796
    Microsoft Windows 7 Home Premium 64-bits 7601 Multiprocessor Free Service Pack 1
       #3

    Lea Massiot said:
    Hello,

    Thank you for reading my post.

    - I have set an ISAKMP/IPSEC VPN tunnel between two Cisco routers C1 and C2.
    - M1 is a machine in C1's LAN.
    - M2 is a machine in C2's LAN.
    - M1 is running "Windows 7".
    - M2 is running "Windows XP".

    I would like to access M2's shares from M1 and vice versa through the tunnel.

    I deactivated both firewalls on M1 and M2.
    With these settings, M1 can access M2's shares and vice versa.

    Now, if I turn on the firewall on M1, M2 can't access M1's shares anymore.

    My question is the following:
    what do I have to do in the firewall to have it work properly?

    Thank you for your help and best regards.
    So you made a tunnel between 2 Cisco routers. Now all computers behind cisco1 can see all computers behind cisco2 and vice versa... correct? No special software is installed on the computer itself... correct?

    Please post a screenshot of the network centre on the Win7 machine.


  4. Posts : 26
    Windows 7 Professional SP1 64bit
    Thread Starter
       #4

    Thank you for your answer.

    Can you still PING M1 from M2?
    Yes. And vice versa.

    So you made a tunnel between 2 Cisco routers.
    Yes.

    Now all computers behind cisco1 can see all computers behind cisco2 and vice versa... correct?
    Yes, but only if the firewalls are turned off.

    No special software is installed on computer itself... correct?
    Correct. No special software is installed on the computers.


  5. Posts : 10,796
    Microsoft Windows 7 Home Premium 64-bits 7601 Multiprocessor Free Service Pack 1
       #5

    Please post a screenshot of the network centre on the Windows 7 machine.


  6. Posts : 10,796
    Microsoft Windows 7 Home Premium 64-bits 7601 Multiprocessor Free Service Pack 1
       #6

    What is the IP address of the WinXP machine and all other machines on that subnet?
    192.168.x.0/24 I assume

    So 192.168.x.1, 192.168.x.2, 192.168.x.3, 192.168.x.4 etcetera
    Correct? If so, what is x?


  7. Posts : 26
    Windows 7 Professional SP1 64bit
    Thread Starter
       #7

    C1's LAN: 192.168.1.0/24
    C2's LAN: 192.168.0.0/24

    I've created an Inbound Rule and an Outbound Rule to allow connection through UDP port 500.
    Still not working.

    BR.


  8. Posts : 10,796
    Microsoft Windows 7 Home Premium 64-bits 7601 Multiprocessor Free Service Pack 1
       #8

    Lea Massiot said:
    C1's LAN: 192.168.1.0/24
    C2's LAN: 192.168.0.0/24

    I've created an Inbound Rule and an Outbound Rule to allow connection through UDP port 500.
    Still not working.

    BR.
    Those ports you probably found by reading documentation about the tunnel?! It's a tunnel between two Cisco routers... the PC doesn't even know it!! Delete those rules!


  9. Posts : 10,796
    Microsoft Windows 7 Home Premium 64-bits 7601 Multiprocessor Free Service Pack 1
       #9

    Try these commands in an elevated command prompt. They allow file/printer sharing not only from the local subnet but also from 192.168.0.0/24. Use copy/paste to prevent typing errors. Did all 4 commands succeed? Problem solved?

    Code:
    netsh advfirewall firewall set rule name="File and Printer Sharing (NB-Session-In)" new remoteip=192.168.0.0/24,LocalSubnet 
    netsh advfirewall firewall set rule name="File and Printer Sharing (NB-Name-In)" new remoteip=192.168.0.0/24,LocalSubnet
    netsh advfirewall firewall set rule name="File and Printer Sharing (NB-Datagram-In)" new remoteip=192.168.0.0/24,LocalSubnet
    netsh advfirewall firewall set rule name="File and Printer Sharing (Echo Request - ICMPv4-In)" new remoteip=192.168.0.0/24,LocalSubnet
    Last edited by Kaktussoft; 16 Oct 2012 at 03:24.
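
Added example (not part of the original posts): a PowerShell 2.0 check, using the Windows Firewall COM API, that reports the remote-address scope of every inbound "File and Printer Sharing" rule after the commands above have been run. The variable names and the report columns are choices made for this example; the rule names are the English display names used in the thread, and the remote LAN is C2's 192.168.0.0/24 from post #7.

```powershell
# Added example, not from the thread: report the scope of every inbound
# "File and Printer Sharing" rule through the Windows Firewall COM API.
# Written for the PowerShell 2.0 that ships with Windows 7.

# Assumption: the far-end LAN from the thread (C2's LAN, 192.168.0.0/24).
# Only the network part is matched, because the API may return the mask
# in dotted form (192.168.0.0/255.255.255.0) instead of /24.
$RemoteNet = '192.168.0.0/'

$policy = New-Object -ComObject HNetCfg.FwPolicy2
# Bit mask of the profiles active right now: 1 Domain, 2 Private, 4 Public
$active = $policy.CurrentProfileTypes

$report = foreach ($rule in $policy.Rules) {
    if ($rule.Direction -ne 1) { continue }     # 1 = inbound
    if ($rule.Name -notlike 'File and Printer Sharing*') { continue }

    $scope = $rule.RemoteAddresses              # '*' means any address
    New-Object PSObject -Property @{
        Name        = $rule.Name
        Enabled     = $rule.Enabled
        InUse       = (($rule.Profiles -band $active) -ne 0)
        RemoteLanOk = ($scope -eq '*' -or $scope -like "*$RemoteNet*")
        AnyAddress  = ($scope -eq '*')
        RemoteScope = $scope
    }
}

$report | Sort-Object Name |
    Format-Table Name, Enabled, InUse, RemoteLanOk, AnyAddress, RemoteScope -AutoSize

# Rules that are live on the current profile but still exclude the far-end LAN
$blocked = @($report | Where-Object { $_.Enabled -and $_.InUse -and -not $_.RemoteLanOk })
"Enabled rules not yet scoped to the remote LAN: $($blocked.Count)"
$blocked | ForEach-Object { "  $($_.Name)" }
```

The report covers every rule in the group, including those the four commands leave unchanged, and the AnyAddress column marks rules that accept any remote address, which is wider than the LocalSubnet plus 192.168.0.0/24 scope set above.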


  10. Posts : 26
    Windows 7 Professional SP1 64bit
    Thread Starter
       #10

    Hello and sorry for the very late answer.
    You were right, it totally was a problem of "File and Printer Sharing" permissions scope that had to be extended to the other VPN end subnet.
    Thank you.


 
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
