Re: VPN Connection Failure
From: Marina Roos [SBS-MVP] (marina_at_roos.nodontwantspam.nl.com)
Date: 02/19/05
- Next message: Jeff Teel: "Re: ISA SP2 concerns!"
- Previous message: sam1967_at_hetnet.nl: "SBS and VPN"
- In reply to: Jim: "Re: VPN Connection Failure"
- Next in thread: Joe: "Re: VPN Connection Failure"
- Messages sorted by: [ date ] [ thread ]
Date: Sat, 19 Feb 2005 15:30:25 +0100
Hi Jim,
Error 721 means that your router is not passing through the GRE-protocol 47,
also known as PPTP Pass through. Your router might need a firmware upgrade,
or maybe even a downgrade.
-- Regards, Marina Microsoft SBS-MVP One of the Magical M&M's "Jim" <Jim@discussions.microsoft.com> schreef in bericht news:DB1831AB-7C0E-4555-B618-C516209A284A@microsoft.com... > > > "Joe" wrote: > > > In message <70EFA3DA-E7F8-410A-A6E2-D92189A97A60@microsoft.com>, Jim > > <Jim@discussions.microsoft.com> writes > > >I am having difficulty resolving a VPN connection error. When attempting to > > >establish a VPN connection, the client shows that it has contacted the server > > >and is attempting to authenticate the user ID and password (PPP). > > > > > >It eventually times out and fails/retrys in a continuous loop. > > > > > >From the server, I can watch the connections as see that the VPN connector > > >in question is active. It starts with a state of "listening" and then > > >changes, showing an attempted connection. > > > > > >I have tried to enable logging (errors) but don't see anything. The user > > >profiles have dial-in access enabled and are members of the "mobile" group. > > > > > >When the client is in my local domain, it connects without any problem. > > >This issue only occurs outside the firewall. I know what you are thinking - > > >the firewall is the issue, but this still occurs when I turn the firewall > > >off. I have the ports indicated in the documentation turned on and forwarded > > >to the server's IP and, to ensure this, I have also enabled PnP > > >configureation of the firewall by the SBS internet connection wizard. It's > > >not the firewall (unless there is something way down in the weeds that I > > >missed). > > > > > Quick shot in the dark: does the client have a network interface set to > > use the same IP subnet as the SBS LAN? If so, routing won't work so > > nothing gets sent up the link. Call up the connection status display as > > soon as possible after the link comes up and look at the IP addresses. > > Compare with 'ipconfig /all' on the client. > > the subnet mask is 255.255.255.0 for all computers involved. Additionally, > the configuration wizard for remote access in SBS defaults to using a server > assigned, dynamic IP address for the client using RAS. Would this type of an > error be a minconfiguration in how the dynamic address is assigned? > > > > > The other classic cause of 'connection made, no authentication' is that > > the TCP/IP connection over port 1723 is working, but not the GRE > > protocol 47 connection. PPTP only needs the first to make a connection, > > but needs the second to actually pass data, including authentication > > negotiations. > > > Both ports are enabled and forwarded through the firewall to the IP address > of my SBS. > > > >This issue only occurs outside the firewall. I know what you are thinking - > > >the firewall is the issue, > > > > Apart from IP routing issues, this *is* a rational conclusion. Apart > > from the firewall's behaviour, you're on a different IP subnet than when > > connected locally. It seems very likely that one of the two factors is > > to blame. When you say 'turn the firewall off' are you sure it's passing > > everything? > > > It is a linksys firewall/router and I have tried setting the firewall to > "off" and I receive the same result. Also, the firewall settings on the LAN > and WAN adapters within the SBS server are off. > > > >Any ideas or recomended approaches to resolve this issue? > > > > > The firewall is usually the best line of attack, even if it isn't likely > > to be the cause of the problem. Does it keep a log of connections, and > > can you deduce anything from that? A firewall or router which can be > > configured to log particular port traffic or protocols while passing > > them is extremely useful in this situation. > > I will try logging at the firewall, thanks for the idea. BTW, the error I > receive at the client is a "721" error: the remote computer did not respond > to the connection request. > > > > > -- > > Joe > >
- Next message: Jeff Teel: "Re: ISA SP2 concerns!"
- Previous message: sam1967_at_hetnet.nl: "SBS and VPN"
- In reply to: Jim: "Re: VPN Connection Failure"
- Next in thread: Joe: "Re: VPN Connection Failure"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
