VPN

error 721 is what i get every time i try to log on to my server via vpn. I can see the remote computer establish a connection on tcp 1723 and it said that it is established but then get error 721. I have dsl going through my router which is set to dmz and have my server set on a static pool when connected. What am i missing or what do i need to look for tx.
MattWalkerAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
Computer101Connect With a Mentor Commented:
PAQed, with points refunded (250)

Computer101
E-E Admin
0
 
mattisflonesCommented:
Hi MattWalker,
TCP 1723 and ip protocol 47 needs to be open..
http://www.chicagotech.net/raserrors.htm#Error%20721

Mattis
0
 
MattWalkerAuthor Commented:
I am running windows 2000 server
0
NEW Internet Security Report Now Available!

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out this quarters report on the threats that shook the industry in Q4 2017.

 
MattWalkerAuthor Commented:
open on what and how
0
 
mattisflonesCommented:
Router, firewall and so on.. What equipment do you run?
0
 
MattWalkerAuthor Commented:
d-link router but i have it set to dmz
0
 
mattisflonesCommented:
Ok, the win 2000 server should ve ok, but reffer to the d-link manual for configuring these ports..
0
 
MattWalkerAuthor Commented:
ok i thought that when you have it going through the dmz that it just routes it to the ip you pick and i have it going to my server
0
 
mattisflonesCommented:
Not so.. then you would be open for numerous hacker attacks... Default for most routers is a certain lockdown, and if you run DSL you might even have to configure the DSL modem.. (depends on your ISPs config)
0
 
MattWalkerAuthor Commented:
ok I can see it trying to connect on my server through a network monitor. It hits the 1723
0
 
mattisflonesCommented:
What about the 47?

quote:
Error 721: Remote PPP peer or computer is not responding. If you have tried many thing other people suggest like rebooting, reloading hardware and re-installing the VPN or dial in connection, you still get the same problem. I will suggest to check the router settings and make sure TCP Port 1723, IP Protocol 47 (GRE) are opened. Also make sure that the router has the PPTP enabled and not firewall block the traffic. On the RAS server, check the DHCP settings.
0
 
MattWalkerAuthor Commented:
I just checked out the router and it has a vpn pass through and i have it enabled
0
 
mattisflonesCommented:
Then your problem is with the server, can you connect to it locally by internal IP?
If not the VPN is set up wrong (if its not only on the external interface..)
0
 
MattWalkerAuthor Commented:
if i use the server internal ip through vpn i can connect-----just external does not work ---
0
 
MattWalkerAuthor Commented:
does this look right?

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\Documents and Settings\Administrator>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x1000003 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
0x1000004 ...00 60 67 71 90 15 ...... NDIS 5.0 driver

===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.10.1   192.168.10.10       1
         10.1.1.1  255.255.255.255        127.0.0.1       127.0.0.1       1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
     192.168.10.0    255.255.255.0    192.168.10.10   192.168.10.10       1
    192.168.10.10  255.255.255.255        127.0.0.1       127.0.0.1       1
   192.168.10.255  255.255.255.255    192.168.10.10   192.168.10.10       1
        224.0.0.0        224.0.0.0    192.168.10.10   192.168.10.10       1
  255.255.255.255  255.255.255.255    192.168.10.10   192.168.10.10       1
Default Gateway:      192.168.10.1
===========================================================================
Persistent Routes:
  None
0
 
mattisflonesCommented:
Looks ok for me.. but how is the forwarding between the external IP and the internal? Youll need some kind of setup in the external IP holder to route requests to the internal IP..

Your VPN should be correctly set up on the server, but i enclose this FYI.
http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/q308/2/08.ASP&NoWebContent=1
0
 
mattisflonesCommented:
Oh.. teh gateway 192.168.10.1 is the router/DSL modem i assume?!
0
 
MattWalkerAuthor Commented:
Router
0
 
mattisflonesCommented:
Ok,so the router have a external ip? how is that routed internally?
0
 
MattWalkerAuthor Commented:
dmz through the router---- My external ip-- dmz to 192.168.10.10
0
 
mattisflonesCommented:
Ok, so youre sure that the router is set up correctly then?! Since it works internally theres got to be something wrong in the router config!
0
 
MattWalkerAuthor Commented:
yes i do believe so--- dont know---need some type of test or tests to run
0
 
mattisflonesCommented:
Easiest way:
http://securityresponse.symantec.com/ use the "check for security risk" and scan your IP.. it will reveal if the ports are open..
0
 
MattWalkerAuthor Commented:
ok it says that 1723 is open
0
 
mattisflonesCommented:
But not the protocol 47?.. then thats it...
0
 
MattWalkerAuthor Commented:
ok so how do you turn it on
0
 
mattisflonesCommented:
The routing on inbound requests is what i believe is wrong, but check your VPN/RAS setup with the guide i provided a link for above..
0
 
mattisflonesCommented:
Youll need to reffer to your router guide for that.. i dont know the making of it so i can not explain...
0
 
MattWalkerAuthor Commented:
everything is setup like the link you gave me---router not much i can do
0
 
mattisflonesCommented:
?? there have to be a setup guide for it, what type is it?
0
 
MattWalkerAuthor Commented:
d-link di-604
0
 
MattWalkerAuthor Commented:
Its pretty cut and dry
0
 
mattisflonesCommented:
Here you can download the guide, find the section conserning VPN for setup instructions:
http://www.dlink.com/products/support.asp?pid=62#quickInstallGuides
0
 
MattWalkerAuthor Commented:
Its setup right---beats me
0
 
mattisflonesCommented:
Just thought of something.. How did you set up the VPN connestion when you got the 721 error..
The "require data encryption" "secure password" "type of VPN" "TCP/IP settings" is propable causes.. i remember getting that once, and then changed some security settings and voila... everything worked...
Try jigling around a bit with the advanced settings.. not all server configs accept any type off connection!
0
 
infotraderCommented:
1  Instead of using DMZ, use the "Virtual Server" function to open up TCP port 1723
2  Make sure the remote client is trying to establish a connection using PPTP, not L2TP or Automatic (I've seen in the past where the "Automatic" isn't very automatic.
3  It is always good practice to set your MaximumMTU size on your router to 1492 for DSL connection.

- Info
0
 
mattisflonesCommented:
Good adding infotrader :-)
0
 
MattWalkerAuthor Commented:
Infotrader my router is already setup that way and I still can not log on
0
 
PoofingerCommented:

Get rid of the virtual server and the dmz, you don't need them for VPN just ensure the VPN is enabled on the router.  When you connect you connect to the router which gives your vpn adapter a internal ip.  I just set up one of these a couple of weeks ago and didn't use dmz or virtual server.
0
 
MattWalkerAuthor Commented:
I do have it opened and I still get an error 721
0
 
MattWalkerAuthor Commented:
Found the problem the router itself was bad!! Now it is up and running but now i can goto any web site on the server but on the workstation can not goto every web site like www.experts-exchange.com.
0
 
mattisflonesCommented:
:-) Isn`t that typical...
0
 
PoofingerCommented:
The router was bad?  Please explain, if it is up and running what did you do to fix it?
0
 
MattWalkerAuthor Commented:
Installed another nic card on my server and installed software for ppoe and i set it up!
0
 
ewtaylorCommented:
So you removed the router? It sounds like it works it is just blocking the GRE protocol 47 another questions is where were you connecting from? A lot of times if you are trying to connect via NAT and do not have ipsec passthrough enabled on the client end it will mess up the tunnel also. I would try updating the firmware on the router and put it back in place and see if it works.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.