Re: Error 720 connecting to server via VPN

Craig Hughes wrote:
Hi Russ,

Port 1723 (PPTP) is allowed in my router for any WAN users to the server.

I've not got a rule for GRE (Port 43 I think) as I read it was a IP protocol rather than TCP or UDP. My router only allows TCP, UDP or TCP/UDP. Should I create a rule for port 43 as TCP/UDP?

My router is Netgear. I can't see any existing rule I can select for GRE or port 43.


It's 47, it is a protocol and therefore has no connection with TCP or UDP ports (most protocols don't use ports) and if you selected 'PPTP Service' or similar on a Netgear machine then TCP/1723 and GRE are both included. If you enable logging on that rule, you'll see (when the system finally works) an initial TCP/1723 handshake followed by numerous GRE packets, which carry the encrypted data.

> The Client I'm trying to connect is on the same subnet as the server,
> 255.255.255.0.

No, that's the netmask. That may or may not be the same, but the network address, which is the IP address ANDed with the netmask (in this case the first three octets of the IP address) must be different. This is
the most common cause of your particular problem. Your SBS has one of the most common private network addresses (192.168.0.) and there's a fair chance that the remote router also uses it. If so, one or the other must change, and I'd recommend using the Change IP Address wizard on the SBS to alter the LAN network address to something much higher, like 192.168.55. so it is unlikely to conflict with any default anywhere else.

Do you get any entry in the System event log on the SBS? If the TCP connection works but GRE is blocked, then there will be a message to that effect. Using the same network address at both ends produces unpredictable errors, as there is confusion in routing, and some messages will get through, some won't. Sometimes you'll get the System message, sometimes not. Usually the process will fail during authentication, when several pieces of data need to be exchanged and some get dropped.

.

Relevant Pages

  • Re: Connecting to Home Computer
    ... cannot transmit IP packets outside the local network). ... assigned by your router. ... You have to add the port too, ... Determine the ports (pcAnywhere uses 5631 for DATA, 5632 for STATUS, I ...
    (microsoft.public.windowsxp.work_remotely)
  • RE: VPN to SBS through Comcast router
    ... The only thing I can find is to open TCP/UDP port 47 ... "What's GRE?". ... >> workaround for the hardware router which is not supporting PPTP connection. ... GRE is a client protocol of IP ...
    (microsoft.public.windows.server.sbs)
  • Re: Webcam with SBS-2003
    ... unless he was trying to create some kind of DMZ for the camera. ... attached to a port on the Westell router with an IP ... NICs and the network. ...
    (microsoft.public.windows.server.sbs)
  • Re: Error 720 connecting to server via VPN
    ... By default the router's firewall is configured to drop ICMP packets ... Select WAN Setup> Advanced> Respond to Ping on Internet Port. ... server and the Internet allow GRE packets. ... routers on the user's network are also configured to allow GRE packets. ...
    (microsoft.public.windows.server.sbs)
  • Re: 2 pc network - cant see host files from pc 2 on pc 1
    ... built into your router. ... If your router/switch has five ports then plug your computers into any port ... Network Places other than shortcuts. ... > If the second card is lost on HOST PC then DSL Internet does not connect. ...
    (microsoft.public.windowsxp.security_admin)
Loading