@ECHO OFF
REM ******************************************
REM HSCSVPNFWFix.bat (10/4/04)
REM Special thanks to ITC for ICMP code
REM csd8n
REM ******************************************
ECHO ******************************************
ECHO University of Virginia Health System
ECHO Windows XP SP2 Firewall configurator
ECHO.
ECHO NOTE: This script is intended for use with
ECHO the HS/CS VPN firewall and may not work
ECHO for other configurations.
ECHO ******************************************
ECHO.
ECHO.
ECHO - Adjusting ICMP Settings (allows PING)
REM **ICMP (PING): Allow outbound source quench, inbound echo request, outbound time exceeded
REM Borrowed from ITC's script (adjustxpfw.bat)
REM netsh output is discarded (> nul), so a failed command is not reported on screen
netsh firewall set icmpsetting type = 4 mode = enable > nul
netsh firewall set icmpsetting type = 8 mode = enable > nul
netsh firewall set icmpsetting type = 11 mode = enable > nul
ECHO * Done
ECHO.
ECHO - Open ports required for HS/CS VPN configuration
REM The next three rules use scope = CUSTOM and accept traffic only from
REM 128.143.93.160/255.255.255.240
ECHO * ISAKMP
netsh firewall set portopening protocol = UDP port = 500 name = CiscoVPN(ISAKMP) mode = ENABLE profile = ALL scope = CUSTOM addresses = 128.143.93.160/255.255.255.240 > nul
ECHO * NAT-T
netsh firewall set portopening protocol = UDP port = 4500 name = CiscoVPN(NAT-T) mode = ENABLE profile = ALL scope = CUSTOM addresses = 128.143.93.160/255.255.255.240 > nul
ECHO * IPSEC-TCP
netsh firewall set portopening protocol = TCP port = 10000 name = CiscoVPN(IPSEC-TCP) mode = ENABLE profile = ALL scope = CUSTOM addresses = 128.143.93.160/255.255.255.240 > nul
REM Unlike the rules above, this one uses scope = ALL and is not limited to the VPN subnet
ECHO * 3.x compatibility (UDP62515)
netsh firewall set portopening protocol = UDP port = 62515 name = CiscoVPN(62515) mode = ENABLE profile = ALL scope = ALL > nul
ECHO.
ECHO ******************************************
ECHO WinXP SP2 Firewall Configuration completed
ECHO ******************************************
Pause