Routing and Remote Access Wizard for VPN Server creates non-specific input and output filters

Article translations Article translations
Article ID: 260926 - View products that this article applies to.
This article was previously published under Q260926
This article has been archived. It is offered "as is" and will no longer be updated.
Expand all | Collapse all

Symptoms

When you setup a VPN server by using the Routing and Remote Access (RRAS) Configuration Wizard, you are asked to specify an Internet connection. When you select an adapter from the list presented, input and output filters are assigned to each adapter. These filters are not secure enough by default because they specify from "any address" to "any address" in the source field.

Cause

When you use the RRAS Wizard to set up your VPN server, the default settings are set to "ANY-ANY" for the Internet interface, when it should only specify the IP address of the network card that is connected to the Internet. This is the case for both the input and the output filters of the Internet interface.

Resolution

To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
260910 How to Obtain the Latest Windows 2000 Service Pack
You can manually enter the specified IP address by editing the input and output filters to resemble examples 3 and 4 in the "More Information" section of this article. Do this after you run the RRAS Wizard and select the VPN server option.

To modify the filters, open Routing and Remote Access:
  1. Under Server Name/IP Routing, click the General icon.
  2. In the right pane, right-click the interface that is connected to the Internet, and then click Properties to view the properties of the interface.
  3. On the General tab, click Input Filters.
  4. Edit the input filters and replace the scr address "Any" with the IP address of the desired interface.
  5. Click OK.
  6. Edit the output filters and replace the scr address "Any" with the IP address of the desired interface.
  7. Click OK, and then click OK again.

Status

Microsoft has confirmed that this is a problem in Microsoft Windows 2000.

This problem was first corrected in Windows 2000 Service Pack 1.

More information

For additional information, click the following article numbers to view the articles in the Microsoft Knowledge Base:
255784 Increasing security on Windows 2000 VPN Server
254018 How to configure input filters for services that run behind network address translation

Properties

Article ID: 260926 - Last Review: October 26, 2013 - Revision: 4.0
Applies to
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
Keywords: 
kbnosurvey kbarchive kbbug kbenv kbfix kbnetwork kbwin2000sp1fix KB260926

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com