Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

VPN Issue 2

Status
Not open for further replies.

piyu75

IS-IT--Management
Aug 16, 2006
44
US
When I try to connect to my Win 2003 SBS through vpn it just hangs at password verification. I read lot of posting about this trouble and sounds like lot of people had it in the past. I tried almost everything people said but no luck. I can telnet on 1723 port. I get successfull PPTP reply through PPTPclnt. I checked client ( home XP) firewall and added 1723 port, just in case. I can VPN in to the server from any machine with in the LAN, can VPN in from the server to the server using domain name but NOT IP address. only thing that changed from when I used to get through and now is router. router was replaced by new one. its a netgear router supplied by comcast. even one of the other vpn user told me that he can successfully get through. that confused me even more. I am lost here with no clue what else can I check. I am going to ask comcast to update the firmware of the router. since router is brand new so i have doubts that it will do any good. any ideas ?
I read a post in WIn server 2003 forum where user had same problem but his solution does not apply to my system.
 
You said that "the other vpn user told me that he can successfully get through", so this problem only applies to one client PC? Is there any other VPN that you can try and connect to from the problem PC?
 
Assuming you receive VPN error 800 or 721, it may be the GRE issue. You may want to upgrade the router firmware first. These search results may help,

case Studies - VPN error 721 and 800
Case 1: When a user attempts to access the Windows VPN server that is behind a Linksys WRT54G, he receives VPN Error 800 or 721. ...
- Similar pages


error 721 and error 800
Q: Error 721 and error 800. I have SBS 2003 Standard Edition. ... I double checked the check list in server management and enabled VPN to the appropriate ...
- Similar pages


cannot establish VPN with error 721 and 800
Cannot establish VPN with error 721 and 800. Situation: 1. The client setup VPN behind a Cisco 678 DMT. Whenever he tries to establish the VPN, ...



Bob Lin, MS-MVP, MCSE & CNE
How to Setup Windows, Network, VPN & Remote Access on
 
VPN uses GRE on port 47 and port 1723 as well. I just had a similar problem earlier this afternoon - I replaced the Linksys router with an SMC router and everything worked flawlessly.
 
lwcomputing... you're close (I thought you knew this)... but it's not PORT 47, rather it's PROTOCOL 47. Protocol 47 is usually designated as "VPN Passthrough" or "PPTP Passthrough" on most routers. Enabling that will allow a proper connection.

The other reason that there could be problems connecting is if the IP Subnet on the remote computer/network is the same as that of the SBS's. For instance if both are in the 192.168.1.x range then there will undoubtedly be a conflict.

Jeff
TechSoEasy
 
You know what threw me?

It wasn't clear (search the page for 47) - it did say protocol but the wording implied I needed to open a port and I was doing this the other day when having a problem and not having port 47 open (opening it didn't solve it; replacing the router solved it).

When I think back, I do remember this - We had conversations about this back at the company I used to work for when we had to allow VPN connections through our firewall...
 
I suspect it to be GRE Error as well.
Jeff: Both remote computer and SBS private IP in the range 192.168.X.X can that cause the issue ? Remote computer get IP from its router running DHCP and I cant do a static IP here. On the other hand I can not change server IP as well. What can I do to resolve this conflict.
 
Both being in the IP range of 192.168.x.x would only be a problem if the subnet mask was 255.255.0.0. But I'd suspect that the subnet mask is 255.255.255.0. (assuming that the third octet is different in each, ie, 192.168.0.x and 192.168.1.x).

The remote computer may very well get an IP from it's router, but when it connects to the VPN it will obtain a second IP from the SBS.

There shouldn't be any conflict if the subnet masks are as I described above.

Jeff
TechSoEasy
 
When you get connected internally, what IP address are you getting?

I had an issue where I had the ISA 2004 Firewall reconfigured and users could connect but not obtain the correct IP address.

Try running the Configure Remote Access Wizard in the To Do list within Server Management. This cured the issue for me!

HTH,
Carl.
 
Ogi,
I did not check IP when I connect Internally. I performed a check yesterday with PPTPsrv and PPTPclnt. I stopped RRAS service on SBS and ran PPTPsrv and then ran PPTPclnt from problematic remote computer. I recived the test message at the server but did not recieve any GRE packets. I did the same test with remote compter with in LAN and I recieved test message as well as GRE packets. I am thinking there could be two things one: remote computers router is not sending GRE packets or netgear router at SBS is not passing it through. only things throws me out is how 2 users are able to get thru VPN. I will check internal IP tonite and post it.
 
I found out within LAN clients pull up 192.168.2.x as PPTP adapter IP.
 
It wouldn't throw me to know that 2 users are able to get in... in fact that is what you can compare to in order to see what the differences are.

It's possible that either the Windows firewall on the remote computer could also be the problem. I use Windows OneCare on my home systems and it has a specific setting to allow GRE through the outbound channel.

Configured properly, SBS will set aside 5 IP Addresses in DHCP for PPTP connections. Just FYI.

Jeff
TechSoEasy

 
I have XP sp2 at remote computer and I tried turning off windows firewall. still same problem. Even I tried with the laptop which used to be able to dial in but not any more. I think I am gonna try changing the router in coule of days.
 
I finally replaced the netgear business gateway router to a SMC router and everything works great now. Thanks for all ideas you guys came up with.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top