RE: VPN to SBS through Comcast router
- From: v-edtian@xxxxxxxxxxxxxxxxxxxx (Edward Tian)
- Date: Wed, 05 Oct 2005 01:33:38 GMT
Dear Jeff:
Thanks for your update.
As I mentioned before, forwarding TCP/UDP port 47 is just a workaround for
a hardware router which does not support PPTP connections. Chances are
that sometimes the VPN connection can be established successfully, but
other times not, because some acknowledgement information in the GRE packet
cannot be sent to the destination side. We should note that GRE is
based on the IP protocol rather than the TCP/UDP protocols; they are
different-layer protocols. You can perform the PPTP Ping test to see if GRE is
allowed to pass through. The utility is attached in my original reply.
Moreover, if it comes to the conclusion that the hardware router doesn't
fully support the GRE protocol, I suggest you replace it with a new one which
can work well with PPTP connections. Thanks for your understanding on that.
Have a nice day!
Best Regards
Edward Tian(MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Thread-Topic: VPN to SBS through Comcast router
| Subject: RE: VPN to SBS through Comcast router
| Date: Tue, 4 Oct 2005 15:16:02 -0700
|
| Wait! It worked for a while, now I can't get through. I guess 'kludge' is
| the right word for it. The only thing I can find is to open TCP/UDP port 47
| to point to the SBS server. That seemed to work when I posted the 'Thanks'
| message, but now it doesn't. Nothing else has been modified since then, so
| I'm not sure why it would work for a while.
|
| I can login to RWW, but this client wants to be able to use their VPN. I
| suppose I could ask Comcast, but I have a feeling their reply is going to be,
| "What's GRE?".
|
| Any other insight?
|
| Thanks,
|
| Jeff
|
| "JAStillwell" wrote:
|
| > Thanks!
| >
| > Opening port 47 to TCP and UDP seems to work.
| >
| > I should probably contact Comcast about GRE protocol 47, though, as this is
| > setup as a commercial account. I want to make sure that any firmware
| > updates, etc. don't make my 'kludge' fix inactive!
| >
| > Jeff
| >
| >
| > "Edward Tian" wrote:
| >
| > > Dear Jeff:
| > > Thank you for posting here. Also many thanks for Leythos's great input.
| > >
| > > From your description, I understand that when you try to establish a VPN
| > > connection, the connection cannot be successfully established and you
| > > received an error 721. If I am off base, please feel free to let me know.
| > >
| > > Based on my knowledge, error 721 is usually caused by GRE packet not
| > > properly being allowed on a router.
| > >
| > > You receive an "Error 721" error message when you try to establish a VPN
| > > connection through your Windows Server-based remote access server
| > > http://support.microsoft.com/default.aspx?scid=KB;EN-US;888201
| > >
| > > As Leythos mentioned, in some cases, forwarding TCP/UDP port 47 is a
| > > workaround for the hardware router which is not supporting PPTP connection.
| > > Some routers may still not work after we perform the port forwarding. GRE
| > > was designed to provide a simple, general purpose mechanism for
| > > encapsulating data sent over IP networks. GRE is a client protocol of IP
| > > using IP protocol 47. Compared with TCP/UDP protocol, the IP protocol is
| > > definitely a different layer protocol. That is why forwarding TCP/UDP port
| > > 47 is just a WORKAROUND in some cases.
| > >
| > > Regarding the error 721, we usually use the PPTP Ping utility to test if
| > > 1723 port and GRE protocol are allowed to pass through the router. To do
| > > so:
| > > a. Please run Pptpsrv.exe on the server side.
| > > b. Run Pptpclnt.exe [ServerName or IPaddress] on remote client.
| > > c. When prompted by Pptpclnt.exe, type some text to send to Pptpsrv.exe,
| > > and then click Enter.
| > > d. You will see the text received at the host running Pptpsrv.exe. Then you
| > > will see five GRE packets sent from Pptpclnt.exe and received at
| > > Pptpsrv.exe (If successful).
| > >
| > > NOTE: PPTP Ping tools (Pptpclnt and Pptpsrv) exist in Windows XP support
| > > tools. For your convenience, I have attached the file within this reply.
| > > NOTE: You should stop the Routing and Remote Access service on the RRAS
| > > (VPN) server so that PPTPSRV can bind to port 1723.
| > >
| > > Basically, we will use PPTP Ping utility to determine whether any hardware
| > > router or firewall is blocking GRE Protocol 47. The router must be able to
| > > pass Generic Route Encapsulation (GRE) protocol 47 for PPTP traffic to
| > > connect correctly to use VPN. When a cable/DSL router cannot map GRE
| > > protocol 47 to the Routing and Remote Access server, you cannot connect to
| > > the server from the Internet.
| > >
| > > More information about GRE 47:
| > > GRE Protocol 47 Packet Description and Use
| > > http://support.microsoft.com/default.aspx?scid=KB;[LN];241251
| > >
| > > Moreover, you can contact the vendor of the hardware router for detailed
| > > information to see if such kind of router supports PPTP connection.
| > >
| > > Hope the above information helps. Please feel free to let me know if there
| > > is anything I can do for you.
| > >
| > > Have a nice day! :)
| > >
| > > Best Regards
| > > Edward Tian(MSFT)
| > > Microsoft CSS Online Newsgroup Support
| > >
| > >
| > > --------------------
| > > | Thread-Topic: VPN to SBS through Comcast router
| > > | Subject: VPN to SBS through Comcast router
| > > | Date: Mon, 3 Oct 2005 17:28:04 -0700
| > > |
| > > | Hi,
| > > |
| > > | We just got a new Comcast router (It is a Comcast branded SMC8013WG-CCR
| > > | router) for our business. I have setup NAT port forwarding for all the
| > > | appropriate SBS remote functions, but I am not able to verify through SBS
| > > | VPN. I know about RWW and it works, however, I need to get the VPN part
| > > | working. It gives me the 721 error, which apparently is related to TCP
| > > | port 1723 (which is open and active), and GRE port 47. I can't find where
| > > | in the Comcast router I can open GRE port 47. I searched SMC's website and
| > > | didn't find any info.
| > > |
| > > | Ideas?
| > > |
| > > | Thanks!
| > > |
| > > | Jeff
| > > |
| > > |
|
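Added example, not part of the original thread or any Microsoft tool: a small Python parser showing why a "TCP/UDP port 47" forwarding rule never matches PPTP tunnel traffic. GRE is identified by the IP protocol field (47) and has no port field, and the PPTP GRE header (layout per RFC 2637) carries the sequence and acknowledgment numbers mentioned in the reply. The packets, addresses, call ID and the function names (ipv4, classify, pptp_role) are constructed for illustration.

```python
import struct

# Constructed sample addresses (documentation ranges), not from the thread.
CLIENT, SERVER = bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20])

def ipv4(proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 packet (checksum left 0; sample data only)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                       0, 0, 64, proto, 0, CLIENT, SERVER) + payload

def classify(packet: bytes) -> dict:
    """Report the fields a NAT device can key on for this packet."""
    ihl = (packet[0] & 0x0F) * 4            # IPv4 header length in bytes
    proto, body = packet[9], packet[ihl:]   # byte 9 = IP protocol number
    if proto in (6, 17):                    # TCP / UDP carry port numbers
        _sport, dport = struct.unpack("!HH", body[:4])
        return {"proto": "TCP" if proto == 6 else "UDP", "dport": dport}
    if proto == 47:                         # GRE: there is no port field
        flags, ver, ptype, _plen, call_id = struct.unpack("!BBHHH", body[:8])
        info = {"proto": "GRE", "version": ver & 0x07, "ptype": ptype,
                "call_id": call_id}
        off = 8
        if flags & 0x10:                    # S bit: sequence number follows
            info["seq"] = struct.unpack("!I", body[off:off + 4])[0]
            off += 4
        if ver & 0x80:                      # A bit: acknowledgment follows
            info["ack"] = struct.unpack("!I", body[off:off + 4])[0]
        return info
    return {"proto": str(proto)}

def pptp_role(info: dict) -> str:
    """Which part of a PPTP session, if any, this packet belongs to."""
    if info["proto"] == "TCP" and info.get("dport") == 1723:
        return "control channel"
    if (info["proto"], info.get("version"), info.get("ptype")) == ("GRE", 1, 0x880B):
        return "tunnel data"
    return "not PPTP"

# Constructed packets: PPTP control, PPTP data with seq 5 / ack 4, and the
# traffic a "TCP/UDP port 47" forwarding rule would actually match.
CONTROL = ipv4(6, struct.pack("!HH", 49152, 1723) + bytes(16))
TUNNEL = ipv4(47, struct.pack("!BBHHHII", 0x30, 0x81, 0x880B, 0, 7, 5, 4))
TCP_47 = ipv4(6, struct.pack("!HH", 49152, 47) + bytes(16))
UDP_47 = ipv4(17, struct.pack("!HHHH", 49152, 47, 8, 0))

if __name__ == "__main__":
    for name, pkt in [("control", CONTROL), ("tunnel", TUNNEL),
                      ("tcp/47", TCP_47), ("udp/47", UDP_47)]:
        print(name, classify(pkt), "->", pptp_role(classify(pkt)))
```

The same classification can be applied to a packet capture taken on the WAN and LAN sides of the router to see whether IP protocol 47 packets arrive on one side and are missing on the other.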