Archived from groups: microsoft.public.windowsxp.security_admin (
More info?)
CheckPoint's VPN software has a Stateful Packet Inspection firewall, I believe, that is on, even when the VPN connection is not established. Check the Help files for how to turn the SPI firewall off.
--
Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart Display\Security
Win 95/98/Me/XP Tweaks and Fixes
http://www.dougknox.com
--------------------------------
Per user Group Policy Restrictions for XP Home and XP Pro
http://www.dougknox.com/xp/utils/xp_securityconsole.htm
--------------------------------
Please reply only to the newsgroup so all may benefit.
Unsolicited e-mail is not answered.
"hzgt9b@nopost.com" <hzgt9bnopostcom@discussions.microsoft.com> wrote in message news:6C91A9BC-308A-4D18-9E09-8B65928577D0@microsoft.com...
> Well, I verifed that I have an ICMP exception for PING/echo and have port 445
> open on both machies (with the scope of the exception being my network, i.e.
> subnet) - But I still am not able to get an comminucation b/w the machines.
>
> RE: Firewall on/off - now a correction to one of my eariler posts. When
> logged into the local machine (i.e. not the domain) for both machines: On
> Machine A, on the Firewall's General tab, The "Off..." radio button is
> selected, but both the "On..." and "Off..." buttons are disabled (greyed
> out). The message at the bottom states that "Windows Firewall is using your
> domain settings". On machine B, on the Firewall's General tab, the "Off..."
> radio button is selected and enabled. The message at the bottom of the screen
> states that "Windows Firewall is using your NON-domain settings". I'm not
> sure of this discrepancy is causing an issue.
>
> What other reasons would there be that I can't get these two machines to
> talk - given they could communicate before I installed XP SP2?
>
> Ok, one other possible issue - I just realized that I also installed
> Checkpoint Software technologies' VPN-1 SecureClient software on both
> machines. It looks like it has settings for security profiles but I don't see
> a way to set exceptions... could this be the culprit? If so, any ideas on how
> to deal with it (other than disabling it...)
>
> Thanks for your help thus far!
>
> Charles
>
> "Doug Knox MS-MVP" wrote:
>
>> You should be able to do it by IP address, or by machine name. If port 445 is opened, then you shouldn't have any problem. Since you're behind a router, have you tried turning XP's firewall off? If that works, then its definitely a firewall issue.
>>
>> --
>> Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart Display\Security
>> Win 95/98/Me/XP Tweaks and Fixes
>>
http://www.dougknox.com
>> --------------------------------
>> Per user Group Policy Restrictions for XP Home and XP Pro
>>
http://www.dougknox.com/xp/utils/xp_securityconsole.htm
>> --------------------------------
>> Please reply only to the newsgroup so all may benefit.
>> Unsolicited e-mail is not answered.
>>
>> "hzgt9b@nopost.com" <hzgt9bnopostcom@discussions.microsoft.com> wrote in message news:6CEC5EE8-CDA7-4DCF-B929-DD785622912C@microsoft.com...
>> > So, it appears that I have an exception for ping/echo and port 445 open - but
>> > I'm still not able to map (or ping) from one PC to the other...
>> >
>> > Any other suggestions?
>> >
>> > BTW, say for instance, that my IP addresses are 192.168.0.100 and .....101 on
>> > the two machines respectively... I should be able to map drives from one
>> > machine to the other using the router assigned IPs (that's how I used todo it
>> > before I upgraded to XP SP2...)
>> >
>> > I'm stumped!
>> >
>> > "Doug Knox MS-MVP" wrote:
>> >
>> >> ICMP Echo is the same as a Ping. Port 445 should be the port that ping's come in on.
>> >>
>> >> --
>> >> Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart Display\Security
>> >> Win 95/98/Me/XP Tweaks and Fixes
>> >>
http://www.dougknox.com
>> >> --------------------------------
>> >> Per user Group Policy Restrictions for XP Home and XP Pro
>> >>
http://www.dougknox.com/xp/utils/xp_securityconsole.htm
>> >> --------------------------------
>> >> Please reply only to the newsgroup so all may benefit.
>> >> Unsolicited e-mail is not answered.
>> >>
>> >> "hzgt9b@nopost.com" <hzgt9bnopostcom@discussions.microsoft.com> wrote in message news:E31F3DEA-4B31-45AE-9918-2A2D0DBAB0E9@microsoft.com...
>> >> > Oops, I see that in your message now...
>> >> >
>> >> > Ok, on both PC's I've got the option "Allow incoming echo request" checked
>> >> > but nothing else. I don't see anything about "Ping".
>> >> > Is there some port that I need to enable (and how)?
>> >> >
>> >> > "Doug Knox MS-MVP" wrote:
>> >> >
>> >> >> ICMP packet exceptions are on the Advanced tab, ICMP section, not the Exceptions tab.
>> >> >>
>> >> >> --
>> >> >> Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart Display\Security
>> >> >> Win 95/98/Me/XP Tweaks and Fixes
>> >> >>
http://www.dougknox.com
>> >> >> --------------------------------
>> >> >> Per user Group Policy Restrictions for XP Home and XP Pro
>> >> >>
http://www.dougknox.com/xp/utils/xp_securityconsole.htm
>> >> >> --------------------------------
>> >> >> Please reply only to the newsgroup so all may benefit.
>> >> >> Unsolicited e-mail is not answered.
>> >> >>
>> >> >> "hzgt9b@nopost.com" <hzgt9bnopostcom@discussions.microsoft.com> wrote in message news:AF5B5596-FF27-4E01-AA90-714D5F859279@microsoft.com...
>> >> >> > Thanls for the quick reply!
>> >> >> >
>> >> >> > On the "Windows Firewall" dialog's general tab, both the on and off radio
>> >> >> > buttons are greyed out - and there's a message at the bottom stating that the
>> >> >> > "Windows Firewall is using your domain settings"... (I'm logged in on the
>> >> >> > domain account - the firewall has this same setting when I login to the local
>> >> >> > machine)
>> >> >> >
>> >> >> > Regardless, under the exceptions tab, I have no program or service named
>> >> >> > like "ICMP Ping/echo packets" - how do I add this exception to the list
>> >> >> > (clicking add programs reveals no program like "*ICMP*")? Further, how will I
>> >> >> > know whick port(s) to open up without creating a security risk for myself?
>> >> >> >
>> >> >> > "Doug Knox MS-MVP" wrote:
>> >> >> >
>> >> >> >> Is the Windows firewall enabled? If so, check the firewall exceptions to ensure that ICMP Ping/echo packets are allowed. This setting and other ICMP settings are found on the Advanced tab, ICMP, Settings.
>> >> >> >>
>> >> >> >> --
>> >> >> >> Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart Display\Security
>> >> >> >> Win 95/98/Me/XP Tweaks and Fixes
>> >> >> >>
http://www.dougknox.com
>> >> >> >> --------------------------------
>> >> >> >> Per user Group Policy Restrictions for XP Home and XP Pro
>> >> >> >>
http://www.dougknox.com/xp/utils/xp_securityconsole.htm
>> >> >> >> --------------------------------
>> >> >> >> Please reply only to the newsgroup so all may benefit.
>> >> >> >> Unsolicited e-mail is not answered.
>> >> >> >>
>> >> >> >> "hzgt9b@nopost.com" <hzgt9bnopostcom@discussions.microsoft.com> wrote in message news:F572A6B0-5C5C-4277-B825-73004A4DEB50@microsoft.com...
>> >> >> >> >I am having trouble getting a connection (ping, with eventual desire to map a
>> >> >> >> > drive) between two machines on XP SP2 - before upgrading to XP SP2 I did not
>> >> >> >> > have this problem.
>> >> >> >> >
>> >> >> >> > Here's my set up...
>> >> >> >> > Two laptops with XP SP2, connected via a router. When logging into the
>> >> >> >> > "local machine" on both laptops, neither machine can PING the other. Same
>> >> >> >> > story when I login to both machines on the same domain... what gives.
>> >> >> >> >
>> >> >> >> > I know the IP addresses of both machines, subnet mask and such - but I can't
>> >> >> >> > reach one machine from the other... I need help - can someone throw me a bone?
>> >> >> >>
>> >> >>
>> >>
>>
Facebook
Twitter
Instagram