VPN limitation error 721

[bjmorse]

We have a win2k VPN server. I have been able to initiate multiple connections from my home PCs to our VPN server.

Recently some of our staff has been traveling to Korea. We have noticed that they can not initiate multiple VPN connections from the hotel. (If one person is connected, the others will error out with error 721).
Is there some limitation that I'm missing? What could cause this? It's odd that it works just fine from my home (multiple PCs, same source IP address), but not from the hotel in Korea.

 

[John Lewis]

It has to do with the router hardware/firmware/software that is being used to do NAT at the remote site.

Most older routers (and even many newer ones) cannot keep track of multiple VPN connections going to the same VPN server.

 

[TroubleGum]

I too had the same problem, which I have managed to solve.

Server
OS - Windows 2000 Server
Firewall - ISA Server 2000
NIC 1 - DMZ
Alcatel Speedtouch 300 - BB Internet Connection

Client
OS - Windows 2000 Pro
Firewall - Zone Alarm Pro
Dial Up Adapter - Internet Connection

I first installed the VPN and created the appropriate packet filters for the firewall to allow communication on port 1723.

Then I tested the connection by creating a VPN connection to the external (Internet) facing IP address, all was fine the connection authenticated and I was connected to the VPN.

The next thing was to try and access the VPN from home. I set the firewall to allow the connections, then the VPN connection as before pointing to the external IP address, however upon trying to connect I was faced with the dreaded 721 error as above.

I thought that it may possibly have been a problem with the client configuration as it seemed to work fine at the server end.

From this point I took the client to the site so that I could test the configurations at both ends. Upon arriving at the site I checked through the VPN Server and all appeared fine. The first thing I wanted to do was to connect the client so that I could watch what was happening at the server end, so I connected to the VPN connection created earlier and to my astonishment, it connected all ok. I could peruse the network etc and all was working fine.

I took the client back home, thinking that all was ok, maybe some setting had taken a little bit longer to set itself. Upon connecting the client up back at home, I connected to the afore mentioned VPN connection once again, and was greeted with a 721 error.

I was at a loss, everytime I dialled from site it worked, everytime from home it hadn't, I was using the same software/hardware at both sites. So where could the problem lie - That set me thinking about the telephone lines and the differences - On my home line I have a private number (the number doesn't show/Witheld) where as on site its sent. Although I didn;t think it should make any difference to the VPN connection, as my Internet connection is allready established before. I changed the dial up for the net connection to include 1470 at the beginning. Re-dialled the net connection, and attempted to connect to the VPN again, it worked!

I know it may be a little of subject from the original post, but it might not be, as some hotels / businesses often use a PBX style telephone system that depending on which outgoing line you get, doesn't send the phone number which could cause the above 721 error, just a thought but maybe.

Hopefully this will help someone as it appears that there are a lot of people that have tried to set this up to no avail, and the phone line is not always the first thing that pops in ya mind