RE: VPN to SBS through Comcast router



Wait! It worked for a while, now I can't get through. I guess 'kludge' is
the right word for it. The only thing I can find is to open TCP/UDP port 47
to point to the SBS server. That seemed to work when I posted the 'Thanks'
message, but now it doesn't. Nothing else has been modified since then, so
I'm not sure why it would work for a while.

I can log in to RWW, but this client wants to be able to use their VPN. I
suppose I could ask Comcast, but I have a feeling their reply is going to be,
"What's GRE?".

Any other insight?

Thanks,

Jeff

"JAStillwell" wrote:

> Thanks!
>
> Opening port 47 to TCP and UDP seems to work.
>
> I should probably contact Comcast about GRE protocol 47, though, as this is
> set up as a commercial account. I want to make sure that any firmware
> updates, etc. don't make my 'kludge' fix inactive!
>
> Jeff
>
>
> "Edward Tian" wrote:
>
> > Dear Jeff:
> > Thank you for posting here. Also many thanks for Leythos's great input.
> >
> > From your description, I understand that when you try to establish a VPN
> > connection, the connection cannot be successfully established and you
> > received an error 721. If I am off base, please feel free to let me know.
> >
> > Based on my knowledge, error 721 is usually caused by GRE packets not
> > being properly allowed on a router.
> >
> > You receive an "Error 721" error message when you try to establish a VPN
> > connection through your Windows Server-based remote access server
> > http://support.microsoft.com/default.aspx?scid=KB;EN-US;888201
> >
> > As Leythos mentioned, in some cases, forwarding TCP/UDP port 47 is a
> > workaround for a hardware router that does not support PPTP connections.
> > Some routers may still not work after we perform the port forwarding. GRE
> > was designed to provide a simple, general-purpose mechanism for
> > encapsulating data sent over IP networks. GRE is a client protocol of IP
> > using IP protocol 47. Compared with the TCP/UDP protocols, the IP protocol
> > is definitely a different-layer protocol. That is why forwarding TCP/UDP
> > port 47 is just a WORKAROUND in some cases.
> >
> > Regarding error 721, we usually use the PPTP Ping utility to test whether
> > port 1723 and the GRE protocol are allowed to pass through the router. To
> > do so:
> > a. Please run Pptpsrv.exe on the server side.
> > b. Run Pptpclnt.exe [ServerName or IPaddress] on remote client.
> > c. When prompted by Pptpclnt.exe, type some text to send to Pptpsrv.exe,
> > and then click Enter.
> > d. You will see the text received at the host running Pptpsrv.exe. Then you
> > will see five GRE packets sent from Pptpclnt.exe and received at
> > Pptpsrv.exe (If successful).
> >
> > NOTE: PPTP Ping tools (Pptpclnt and Pptpsrv) exist in Windows XP support
> > tools. For your convenience, I have attached the file within this reply.
> > NOTE: You should stop the Routing and Remote Access service on the RRAS
> > (VPN) server so that PPTPSRV can bind to port 1723.
> >
> > Basically, we will use PPTP Ping utility to determine whether any hardware
> > router or firewall is blocking GRE Protocol 47. The router must be able to
> > pass Generic Route Encapsulation (GRE) protocol 47 for PPTP traffic to
> > connect correctly to use VPN. When a cable/DSL router cannot map GRE
> > protocol 47 to the Routing and Remote Access server, you cannot connect to
> > the server from the Internet.
> >
> > More information about GRE 47:
> > GRE Protocol 47 Packet Description and Use
> > http://support.microsoft.com/default.aspx?scid=KB;[LN];241251
> >
> > Moreover, you can contact the vendor of the hardware router for detailed
> > information to see whether this kind of router supports PPTP connections.
> >
> > Hope the above information helps. Please feel free to let me know if there
> > is anything I can do for you.
> >
> > Have a nice day! :)
> >
> > Best Regards
> > Edward Tian(MSFT)
> > Microsoft CSS Online Newsgroup Support
> >
> >
> > --------------------
> > | Thread-Topic: VPN to SBS through Comcast router
> > | From: "=?Utf-8?B?SkFTdGlsbHdlbGw=?=" <JAStillwell@xxxxxxxxxxxxxxxxxxxxxxxxx>
> > | Subject: VPN to SBS through Comcast router
> > | Date: Mon, 3 Oct 2005 17:28:04 -0700
> > |
> > | Hi,
> > |
> > | We just got a new Comcast router (it is a Comcast-branded SMC8013WG-CCR
> > | router) for our business. I have set up NAT port forwarding for all the
> > | appropriate SBS remote functions, but I am not able to verify through SBS
> > | VPN. I know about RWW and it works; however, I need to get the VPN part
> > | working. It gives me the 721 error, which apparently is related to TCP port
> > | 1723 (which is open and active), and GRE port 47. I can't find where in the
> > | Comcast router I can open GRE port 47. I searched SMC's website and didn't
> > | find any info.
> > |
> > | Ideas?
> > |
> > | Thanks!
> > |
> > | Jeff
> > |
> > |
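
The distinction this thread turns on, shown as an added example that is not part of the original posts: PPTP control traffic is TCP port 1723, while PPTP data travels in GRE, which is IP protocol 47 and carries no port numbers. The packets, addresses, and function names below are constructed for illustration, and `port_forward_matches` is an assumed model of a router that applies a port-forward rule strictly.

```python
import struct

TCP, UDP, GRE = 6, 17, 47          # IP protocol numbers (IPv4 header, byte 9)
PPTP_CONTROL_PORT = 1723           # TCP port of the PPTP control channel

def ipv4(proto, payload):
    """Constructed sample IPv4 packet (documentation addresses, checksum 0)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, bytes([198, 51, 100, 7]), bytes([203, 0, 113, 10]))
    return hdr + payload

def l4(dport):
    """Source and destination port (common to TCP and UDP), zero-padded to 20 bytes."""
    return struct.pack("!HH", 50000, dport) + bytes(16)

# Constructed samples: PPTP control, PPTP data (enhanced GRE v1), and port-47 traffic
PPTP_CONTROL = ipv4(TCP, l4(PPTP_CONTROL_PORT))
PPTP_DATA = ipv4(GRE, struct.pack("!HHHHI", 0x3001, 0x880B, 0, 1, 0))
TCP_PORT_47 = ipv4(TCP, l4(47))
UDP_PORT_47 = ipv4(UDP, l4(47))

def classify(packet):
    """Name the traffic type from the IP protocol field and, if present, the port."""
    ihl = (packet[0] & 0x0F) * 4              # IPv4 header length in bytes
    proto, body = packet[9], packet[ihl:]
    if proto == GRE:                          # GRE carries no port numbers at all
        flags_ver, ptype = struct.unpack("!HH", body[:4])
        if (flags_ver & 0x7) == 1 and ptype == 0x880B:
            return "pptp-data (GRE, IP protocol 47)"
        return "gre-other"
    if proto in (TCP, UDP):
        dport = struct.unpack("!H", body[2:4])[0]
        if proto == TCP and dport == PPTP_CONTROL_PORT:
            return "pptp-control (TCP 1723)"
        return ("tcp" if proto == TCP else "udp") + f" port {dport}"
    return f"ip protocol {proto}"

def port_forward_matches(packet, rule_proto, rule_port):
    """Assumed model of a strict port-forward rule: L4 protocol plus destination port."""
    if packet[9] != rule_proto:
        return False
    ihl = (packet[0] & 0x0F) * 4
    return struct.unpack("!H", packet[ihl + 2:ihl + 4])[0] == rule_port

if __name__ == "__main__":
    for name, pkt in [("control", PPTP_CONTROL), ("data", PPTP_DATA),
                      ("tcp/47", TCP_PORT_47), ("udp/47", UDP_PORT_47)]:
        hit = any(port_forward_matches(pkt, p, 47) for p in (TCP, UDP))
        print(f"{name:8} {classify(pkt):34} matched by 'TCP/UDP port 47' rule: {hit}")
```

Under this strict model the GRE packet is never matched by a TCP or UDP port 47 rule, which is consistent with the reply's point that such a forward is only a workaround on some routers.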