VPN Problems 1

[telexpress]

I have read just about everything there is on VPN troubleshooting on this forum and nothing has helped. This is my problem and what I have done.

Problem: Cannot connect to my server (W2K Server) from outside the network through a VPN connection.

I have tried and succeeded in connecting to my server while on my network at work. However, when I try to connect from outside my network, I get the “Error 721” message “The remote computer did not respond.” All ports for VPN tunneling have been opened on my router(Linksys), and for PPTP sessions. Also, this problem just occurred today after some problems with exchange, on the same server that are now fixed. Yesterday, we had no problems with our VPN connection. And no one has touched the settings for the router. Any help would be much appreciated.

 

[sbs2000pro]

First, make sure routing and remote access is running on the server. Next, check your firewall or router and make sure you have TCP Port 1723 and TCP Port 47 open and forwarded to your server. Also, enable protocol 47 and forward that to your server as well. If you can VPN inside the network, but not from home, then it must be a firewall or router situation

 

[GlenJohnson]

Also, this problem just occurred today after some problems with exchange, on the same server that are now fixed. Yesterday, we had no problems with our VPN connection. And no one has touched the settings for the router.
What was the problem with Exchange? Glen A. Johnson
Johnson Computer Consulting
MCP W2K
glen@johnsoncomputers.us

Want to get great answers to your Tek-Tips questions? Have a look at FAQ219-2884
"Doubt is not a pleasant condition, but certainty is an absurd one."
Voltaire -born Francois-Marie Arouet- (1694-1778); French writer.

 

[telexpress]

This was the problem.

thread858-465864

 

[keithschm]

My problem was I only had port forwarding on and not port triggering



To setup your VPN you're going to have to follow these steps:

1. To setup port triggering open up your browser and type

http://192.168.1.1/Filters.htm

into the "Address Bar" and hit [Enter].


2. You will be prompted for a username and password.

3. By default there is no username, and the password is admin. Once you type in the password click OK

4. Once you've gotten past the login you should be at the "Filters" tab.

5. Make sure IPSec Passthrough or PPtP Passthrough are both enabled depending on the type of VPN connection you're using. If you're unsure please enable both.

6. Click Apply then Continue

7. Click on the Forwarding tab

8. Once the "Forwarding" section opens, click the Port Triggering button.

9. A new window will appear, and you'll need to set up ports 47, 1723, and 500.

ISAKMP = UDP 500
L2TP = UDP 1701
PPTP = TCP 1723

 

[telexpress]

I already had this configuration. I still get the Error 721

 

[shawnpd40]

While this is more of a netowrk question than a server question...did you also have to enable the IP port 47 for gre also or just the TCP ports for PPTP or L2TP/IPSec?

 

[John Lewis]

Few things here. First, port 47 has absolutly nothing to do with protocol 47/GRE. GRE is not enabled on a particular port. PPTP pass-through options take care of that. Not the problem here anyway, 721 indicates that the connection isn't getting far enough to use GRE. The problem lies in the initial link negotiation on 1721/tcp.

721 also tells us that the initial packet to set up the connection is not being rejected. The reply from the server to set up the connection is not being recieved at the client.

Generally, this would indicate that the service is running on the port and traffic is being routed there, although a drop rule on a firewall can also cause this behavior. Assuming the router config has not changed, as you stated, I would discount that for now.

My initial suspect would be a routing problem from the server back to the client. Try to ping the client while trying to make the connection. If you get a positive response, fine. If not, report the specific results if you need further help.

If the ping is successful, I would then look to the IP's assigned to the VPN. If the VPN IP's are on the same subnet as the network on the server side, this could be the problem. I'm sure you have not changed that, but Microsoft goes back and forth as to how the routing is handled at that level. The VPN is supposed to be created with a 255.255.255.255 mask. Usually it is, but for some reason, it is sometimes treated as if it had the same mask as the LAN. This varies between versions and even between patches, so whatever you did to fix your other problem could create a problem here.

That is a somewhat educated guess. 721 errors are a real bear in general, many possible causes. Obviously, if you were functional before, you need to look at what changed. The nature of your other problem was asked and answered, but I think the solution to that problem may be more important here. What did you do to fix it?

Also, what is the client machine running?