Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Configuring a Win2k Server / VPN Connection 1

Status
Not open for further replies.
Feb 20, 2001
13
US
I'm hoping someone may be able to help.

I'm attempting to allow a few remote users to access their company server from home using cable modem connections through a VPN using Win2k Professional. They would be logging into a Win2k Server, which is behind a Linksys NAT router using a static DSL IP.

Windows 2000 Server configuration:
- Linksys 4 Port NAT Router (Ports 1723 & 47 are forwarded to the Win2k Server), router is acting as the DHCP server.
- 1 3com NIC.

My question:

1) In configuring the Routing & Remote Access Server, do I (a) use the remote access server option, or (b) use the VPN server option? I ask this, because if I use the VPN option, don't I need dual NIC's or is there a way to do it with one NIC? Or if I use the remote access option, how do I configure Win2k Server and Win2k Pro clients?

I hope this makes sense, but I am not able to make a solid connection. I'm able to get it to start the connection, verifying user name & password, and than it just sits, and then errors out with a Error 721: The remote computer is not responding.

Has anyone else experienced this or done a configuration for a similar scenario?

Thanks in advance for any advice or help.

Sincerely,

Mike Johnson
 
I currently have 1 PDC and BDC. The LAN is connected to the internet via the router. Would you recommend setting up VPN server on the PDC or other machine? PDC is simply File/Print server

thanks
 
hey i have the EXACT same problem as you..error 721. I'm using a win2k pro client from work trying to connect to my win2k server lan at home. I have a netgear router, i've setup RAS using ms-chap2 PPTP and opened port 47 and 1723 on my router. ...

still doesn't work. I've allowed 'allow vpn dial in' on my user account too.

any ideas>
 
I have the same problem, I upgraded the firmware and still get the same error.
 
You are correct to port forward TCP port 1723, but incorrect on port 47. PPTP, which is the VPN protocol that WIN2k uses, does use TCP port 1723, but port 47 that everyone is referring to is NOT TCP. It is Internet Protocol 47 which is GRE. Therefore standard TCP/UDP port forwarding won't work. You have to make sure that any router running NAT has a way of allowing this "protocol" through.

Hope this helps.

 
We can't connect from windows2000/Xp to our RRAS server is an Windows2000Server. The client is geting the error 619.
All ports are open to the server. What can be wrong?
 
MaxPipeline is right. Port 1723 is the TCP port PPTP uses for setting up the connection. But PPTP uses IP protocol 47. THIS IS NOT TCP/UDP!! Therefore regular NAT port forwarding does not work on port 47. According to port 47 if for NI FTP (not sure what that is considering FTP is port 21).

Your router must have PPTP pass-through capability. For instance on the Lucent/Ascend Pipeline family they have a parameter called 'tunnel server' in their NAT settings that is specifically for IP protocol 47 passthrough. This needs to be configured in addition to forwarding TCP port 1723.

Hope this helps
 
Works great with Linksys WAP114port switch cable dsl router....

and default win2k vpn configurations....

setup a couple of users, forwarded port 1723 tcp/udp (both) and made sure pptp was enabled... (for the nasty port 47)

Works great.....
 

I have the exact same question as Mike Johnson. I would like to contact Mike to see if he got the vpn running. Does anyone know how to contact him?

Jason
fasterneon@hotmail.com
 
OK here its
Internaly I can vpn until I am blue in the face ( across the lan)
I have 2 servers I can set up to vpn or ras
A simple linksys router
forwarding on 1723
I get error 721
tried the disableing netbios
I am resolving 3 domains
I tried with the 2nd ras server making sure it was part of the ras IAS security group.
Again internally Its great externally error 721
So I am thinking that the response route is not getting where it's so post to?
 
Rasseld,

try this way. I got it working in 5 minutes. This is my first time seting up vpn server. I got dlink router 713p and use only one NIC and forwarding on 1723. both tcp/ip & netbeui installed. works fine for me.
try this:

reboot your server should work perfectly.

john@onestopforall.net
 
I have two machines (running XP & Win 2000k) befind a linsys cable modem firewall. The XP box can successfully connect (using VPN) to the coorporate server but the Win2k box can not. Whats really weard is that the 2k box use to work and stopped out of the blue. I reloaded 2k and I still get error 721.

Help
 
I have two machines (running XP & Win 2000k) befind a linsys cable modem firewall. The XP box can successfully connect (using VPN) to the coorporate server but the Win2k box can not. Whats really weard is that the 2k box use to work and stopped out of the blue. I reloaded 2k and I still get error 721.

Help
 
I have two machines (running XP & Win 2000k) befind a linsys cable modem firewall. The XP box can successfully connect (using VPN) to the coorporate server but the Win2k box can not. Whats really weard is that the 2k box use to work and stopped out of the blue. I reloaded 2k and I still get error 721.

Help
 
I am finding information that the ISP may have "control", as to whether the GRE protocol can pass on their networks. I have setup a vpn behind a linksys, with the PPTP enabled, port 1723 opened, hell EVERYTHING is open, and still not able to connect to the RRAS. I have talked to the ISP, (SoCal roadrunner) and they are less than forthcoming with info. Plus, as a residential subscriber, they DO NOT support servers on their network. Any further information on this?
 
My ISP is Socal Roadrunner, and I have successfuly configured and connected my VPN, anyway here are some sites that I hope may help some of you.


now if you are behind a router here is a website that may help. The router has a lot to do with your connection and the 721 error your getting, hope you bought the right router.

 
What error messages are you getting? Before PPTP starts sending GRE packets, it does some negotiation using regular TCPIP. If the negotiation is successful, then that indicates that the cable company is indeed blocking your GRE packets. However, if the negotiation is unsuccessful, you probably have configured your linksys incorrectly. Also, you might want to make sure that the linksys supports GRE -- some of them don't.

Further information is available on my site:


Good luck,

Phil
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top