Solved

VPN

Posted on 2004-03-25
Last Modified: 2010-04-12
Error 721 is what I get every time I try to log on to my server via VPN. I can see the remote computer establish a connection on TCP 1723 and it said that it is established, but then I get error 721. I have DSL going through my router, which is set to DMZ, and have my server set on a static pool when connected. What am I missing or what do I need to look for? Thanks.
0
Comment
Question by:MattWalker
47 Comments
 
LVL 15

Expert Comment

by:mattisflones
ID: 10683705
Hi MattWalker,
TCP 1723 and IP protocol 47 need to be open..
http://www.chicagotech.net/raserrors.htm#Error%20721

Mattis
0
 

Author Comment

by:MattWalker
ID: 10683706
I am running Windows 2000 Server
0
 

Author Comment

by:MattWalker
ID: 10683708
Open on what, and how?
0
 
LVL 15

Expert Comment

by:mattisflones
ID: 10683716
Router, firewall and so on.. What equipment do you run?
0
 

Author Comment

by:MattWalker
ID: 10683720
D-Link router, but I have it set to DMZ
0
 
LVL 15

Expert Comment

by:mattisflones
ID: 10683742
OK, the Win 2000 server should be OK, but refer to the D-Link manual for configuring these ports..
0
 

Author Comment

by:MattWalker
ID: 10683751
OK, I thought that when you have it going through the DMZ it just routes it to the IP you pick, and I have it going to my server
0
 
LVL 15

Expert Comment

by:mattisflones
ID: 10683784
Not so.. then you would be open for numerous hacker attacks... Default for most routers is a certain lockdown, and if you run DSL you might even have to configure the DSL modem.. (depends on your ISP's config)
0
 

Author Comment

by:MattWalker
ID: 10683796
OK, I can see it trying to connect on my server through a network monitor. It hits the 1723
0
 
LVL 15

Expert Comment

by:mattisflones
ID: 10683832
What about the 47?

quote:
Error 721: Remote PPP peer or computer is not responding. If you have tried many things other people suggest like rebooting, reloading hardware and re-installing the VPN or dial in connection, you still get the same problem. I will suggest to check the router settings and make sure TCP Port 1723, IP Protocol 47 (GRE) are opened. Also make sure that the router has the PPTP enabled and no firewall blocks the traffic. On the RAS server, check the DHCP settings.
0
 

Author Comment

by:MattWalker
ID: 10683836
I just checked out the router and it has a VPN pass-through and I have it enabled
0
 
LVL 15

Expert Comment

by:mattisflones
ID: 10683867
Then your problem is with the server. Can you connect to it locally by internal IP?
If not, the VPN is set up wrong (if it's not only on the external interface..)
0
 

Author Comment

by:MattWalker
ID: 10683879
If I use the server's internal IP through VPN I can connect ----- just external does not work ---
0
 

Author Comment

by:MattWalker
ID: 10683963
Does this look right?

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\Documents and Settings\Administrator>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x1000003 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
0x1000004 ...00 60 67 71 90 15 ...... NDIS 5.0 driver

===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.10.1   192.168.10.10       1
         10.1.1.1  255.255.255.255        127.0.0.1       127.0.0.1       1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
     192.168.10.0    255.255.255.0    192.168.10.10   192.168.10.10       1
    192.168.10.10  255.255.255.255        127.0.0.1       127.0.0.1       1
   192.168.10.255  255.255.255.255    192.168.10.10   192.168.10.10       1
        224.0.0.0        224.0.0.0    192.168.10.10   192.168.10.10       1
  255.255.255.255  255.255.255.255    192.168.10.10   192.168.10.10       1
Default Gateway:      192.168.10.1
===========================================================================
Persistent Routes:
  None
0
 
LVL 15

Expert Comment

by:mattisflones
ID: 10684024
Looks OK to me.. but how is the forwarding between the external IP and the internal? You'll need some kind of setup in the external IP holder to route requests to the internal IP..

Your VPN should be correctly set up on the server, but I enclose this FYI.
http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/q308/2/08.ASP&NoWebContent=1
0
 
LVL 15

Expert Comment

by:mattisflones
ID: 10684028
Oh.. the gateway 192.168.10.1 is the router/DSL modem, I assume?!
0
 

Author Comment

by:MattWalker
ID: 10684039
Router
0
 
LVL 15

Expert Comment

by:mattisflones
ID: 10684060
OK, so the router has an external IP? How is that routed internally?
0
 

Author Comment

by:MattWalker
ID: 10684074
DMZ through the router ---- my external IP -- DMZ to 192.168.10.10
0
 
LVL 15

Expert Comment

by:mattisflones
ID: 10684090
OK, so you're sure that the router is set up correctly then?! Since it works internally there's got to be something wrong in the router config!
0
 

Author Comment

by:MattWalker
ID: 10684107
Yes, I do believe so --- don't know --- need some type of test or tests to run
0
 
LVL 15

Expert Comment

by:mattisflones
ID: 10684162
Easiest way:
http://securityresponse.symantec.com/ use the "check for security risk" and scan your IP.. it will reveal if the ports are open..
0
 

Author Comment

by:MattWalker
ID: 10684244
OK, it says that 1723 is open
0
 
LVL 15

Expert Comment

by:mattisflones
ID: 10684273
But not the protocol 47?.. then that's it...
0
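One way to run the check the thread is circling around (an example added here, not from any poster): a TCP port scan can only confirm 1723, so this classifies packets from a capture taken on the server and reports which PPTP channel is missing. The client address and the sample packets are constructed; the server address is the one from the route table above.

```python
import struct
from ipaddress import IPv4Address

PPTP_PORT, PROTO_TCP, PROTO_GRE = 1723, 6, 47
CLIENT, SERVER = "203.0.113.5", "192.168.10.10"  # client address is a constructed placeholder

def ipv4(src, dst, proto, payload=b""):
    """Build a minimal IPv4 packet (checksum left at zero) for the constructed samples."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       IPv4Address(src).packed, IPv4Address(dst).packed) + payload

def classify(packet):
    """Return (src, dst, kind); kind is 'pptp-control', 'gre' or None. None if not IPv4."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl, proto = (packet[0] & 0x0F) * 4, packet[9]
    src, dst = str(IPv4Address(packet[12:16])), str(IPv4Address(packet[16:20]))
    if proto == PROTO_GRE:
        return src, dst, "gre"
    if proto == PROTO_TCP and len(packet) >= ihl + 4:
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        if PPTP_PORT in (sport, dport):
            return src, dst, "pptp-control"
    return src, dst, None

def diagnose(packets, server_ip):
    """Say which PPTP channel is missing in a capture taken on the server."""
    control = gre_in = gre_out = False
    for src, dst, kind in filter(None, map(classify, packets)):
        control |= kind == "pptp-control"
        gre_in |= kind == "gre" and dst == server_ip
        gre_out |= kind == "gre" and src == server_ip
    if not control:
        return "no PPTP control connection seen"
    if not gre_in:
        return "control channel up, no inbound GRE: protocol 47 is not reaching the server"
    if not gre_out:
        return "inbound GRE seen, server not answering: check RAS/PPP on the server"
    return "control channel and GRE in both directions"

def tcp(sport, dport):
    """Constructed 20-byte TCP header carrying only the two port numbers."""
    return struct.pack("!HH", sport, dport) + bytes(16)

# Constructed capture: TCP 1723 traffic only, the pattern suspected in this thread.
SAMPLE_BLOCKED = [ipv4(CLIENT, SERVER, PROTO_TCP, tcp(40000, PPTP_PORT)),
                  ipv4(SERVER, CLIENT, PROTO_TCP, tcp(PPTP_PORT, 40000))]

if __name__ == "__main__":
    print(diagnose(SAMPLE_BLOCKED, SERVER))
```
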
 

Author Comment

by:MattWalker
ID: 10684279
OK, so how do you turn it on?
0
 
LVL 15

Expert Comment

by:mattisflones
ID: 10684282
The routing on inbound requests is what I believe is wrong, but check your VPN/RAS setup with the guide I provided a link for above..
0
 
LVL 15

Expert Comment

by:mattisflones
ID: 10684291
You'll need to refer to your router guide for that.. I don't know the make of it so I cannot explain...
0
 

Author Comment

by:MattWalker
ID: 10684350
Everything is set up like the link you gave me --- router, not much I can do
0
 
LVL 15

Expert Comment

by:mattisflones
ID: 10684365
?? There has to be a setup guide for it. What type is it?
0
 

Author Comment

by:MattWalker
ID: 10684373
D-Link DI-604
0
 

Author Comment

by:MattWalker
ID: 10684375
It's pretty cut and dry
0
 
LVL 15

Expert Comment

by:mattisflones
ID: 10684414
Here you can download the guide; find the section concerning VPN for setup instructions:
http://www.dlink.com/products/support.asp?pid=62#quickInstallGuides
0
 
LVL 15

Expert Comment

by:mattisflones
ID: 10684420
0
 

Author Comment

by:MattWalker
ID: 10684440
It's set up right --- beats me
0
 
LVL 15

Expert Comment

by:mattisflones
ID: 10684481
Just thought of something.. How did you set up the VPN connection when you got the 721 error..
The "require data encryption", "secure password", "type of VPN" and "TCP/IP settings" are probable causes.. I remember getting that once, and then changed some security settings and voila... everything worked...
Try jiggling around a bit with the advanced settings.. not all server configs accept any type of connection!
0
 
LVL 11

Expert Comment

by:infotrader
ID: 10693843
1  Instead of using DMZ, use the "Virtual Server" function to open up TCP port 1723
2  Make sure the remote client is trying to establish a connection using PPTP, not L2TP or Automatic (I've seen in the past where the "Automatic" isn't very automatic).
3  It is always good practice to set your MaximumMTU size on your router to 1492 for DSL connection.

- Info
0
 
LVL 15

Expert Comment

by:mattisflones
ID: 10694722
Good adding infotrader :-)
0
 

Author Comment

by:MattWalker
ID: 10696754
Infotrader, my router is already set up that way and I still cannot log on
0
 

Expert Comment

by:Poofinger
ID: 10700046

Get rid of the virtual server and the DMZ; you don't need them for VPN, just ensure the VPN is enabled on the router.  When you connect, you connect to the router, which gives your VPN adapter an internal IP.  I just set up one of these a couple of weeks ago and didn't use DMZ or virtual server.
0
 

Author Comment

by:MattWalker
ID: 10700205
I do have it opened and I still get an error 721
0
 

Author Comment

by:MattWalker
ID: 10704328
Found the problem: the router itself was bad!! Now it is up and running, but now I can go to any web site on the server, but on the workstation I cannot go to every web site, like www.experts-exchange.com.
0
 
LVL 15

Expert Comment

by:mattisflones
ID: 10705971
:-) Isn't that typical...
0
 

Expert Comment

by:Poofinger
ID: 10709003
The router was bad?  Please explain: if it is up and running, what did you do to fix it?
0
 

Author Comment

by:MattWalker
ID: 10710096
Installed another NIC card on my server and installed software for PPPoE and I set it up!
0
 
LVL 11

Expert Comment

by:ewtaylor
ID: 10718305
So you removed the router? It sounds like it works; it is just blocking the GRE protocol 47. Another question is: where were you connecting from? A lot of times, if you are trying to connect via NAT and do not have IPsec passthrough enabled on the client end, it will mess up the tunnel also. I would try updating the firmware on the router and put it back in place and see if it works.
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 11137118
PAQed, with points refunded (250)

Computer101
E-E Admin
0
