Article ID: 260926 - View products that this article applies to.
This article was previously published under Q260926
This article has been archived. It is offered "as is" and will no longer be updated.
When you setup a VPN server by using the Routing and Remote Access (RRAS) Configuration Wizard, you are asked to specify an Internet connection. When you select an adapter from the list presented, input and output filters are assigned to each adapter. These filters are not secure enough by default because they specify from "any address" to "any address" in the source field.
When you use the RRAS Wizard to set up your VPN server, the default settings are set to "ANY-ANY" for the Internet interface, when it should only specify the IP address of the network card that is connected to the Internet. This is the case for both the input and the output filters of the Internet interface.
To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
260910You can manually enter the specified IP address by editing the input and output filters to resemble examples 3 and 4 in the "More Information" section of this article. Do this after you run the RRAS Wizard and select the VPN server option.
(http://support.microsoft.com/kb/260910/EN-US/ )How to Obtain the Latest Windows 2000 Service Pack
To modify the filters, open Routing and Remote Access:
Microsoft has confirmed that this is a problem in Microsoft Windows 2000.
This problem was first corrected in Windows 2000 Service Pack 1.
For additional information, click the following article numbers to view the articles in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/255784/ )Increasing security on Windows 2000 VPN Server
(http://support.microsoft.com/kb/254018/ )How to configure input filters for services that run behind network address translation
Contact us for more help
Connect with Answer Desk for expert help.