[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

IP PROTOCOL 47 (GRE)

Posted on 2005-04-11
9
Medium Priority
?
2,502 Views
Last Modified: 2008-01-09
I have a Netgear FVS318 router/firewall with all the correct ports forwarded as well as I can check. My problem consists of the following. I use to have satelite broadband that is supported by Ground Control internet services. All of my connections to external sites worked on this solution but were very slow. I upgraded to DSL as it became available in my area. When I switched to DSL with a static ip, (Also had a static IP with the satelite service), any existing VPN connection that I had stopped working. I connect to several different offices that are VPN capable. I know that I can hook back up to the satelite service and the VPN's will start working again. When I try to connect with the DSL service I get an error 721 when trying to to verify the username and password. Is this a IP PROTOCOL 47 (GRE) error. I need help!! How do I configure this protocol in this router. Any assistance would be greatly appreciated because I can not function when I can not connect to these remote offices.

Thanks in Advance,
Jimmy Hanks
0
Comment
Question by:jah86992
9 Comments
 
LVL 7

Expert Comment

by:tonyteri
ID: 13753039
Try this one and let me know

Error 721: Remote PPP peer is not responding.

This error should only occur due to a glitch on the ISP's end. Reconnecting should fix it. If it occurs regularly and there is no problem at the ISP, reinstall DUN/RAS

/TT
0
 

Expert Comment

by:rbollinger1212
ID: 13754582
WHich ISP do you have?

I found with earthlink.net that i could connect however i could not transfer any encrypted packets...  Because they locked down the IP type the GRE needs to transfer data.


I believe you may also encounter this problem. I had to call earthlink and ask them if they blocked anything...

I was using a netscreen vpn solution and not the standard DUN that you are using.

Robert
0
 
LVL 1

Expert Comment

by:dsstao
ID: 13755006
Are you using L2TP or PPTP for VPN?  PPTP uses the GRE protocol (#47) but sometimes uses port "0" to communicate.  In other words, opening TCP/UDP IP protocols are fine on port 1723, but try also opening port "0".

Option 1:

Open TCP and UDP on port 1723
Open UDP and GRE on port 0

(TCP protocol # is: 6)
(UDP protocol # is: 17)

Option 2:
If you switched to DSL and have a Linksys or similar router, you may need to mark the checkbox that says "Allow PPTP passthrough" in the properties.

DS
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 

Author Comment

by:jah86992
ID: 13755675
I am using a Netgear FVS318 with version 2.4 (latest) firmware. This router will not allow me to open up GRE protocols. I tried to open port 0 and it said I must enter a value greater than 0. My ISP is a local telephone provider and I have called tech support with the problem. I have got a hardware VPN that is configured between 2 Netgear FVS318s and this seems to work fine. Opening protocol 6 & 17 did not help. I seem to be at a stand still. The DSL modem that is being used is a SpeedStream 5100 and it is set to bridge mode so there are no setups to change in the modem. Anymore suggestions. I am at a loss.

Jimmy Hanks
0
 
LVL 1

Expert Comment

by:dsstao
ID: 13755738
What happens if you bypass the router?  I.e. try plugging directly into the modem to figure out if "bridged" mode is killing us or if it's the Netgear.
0
 
LVL 1

Expert Comment

by:dsstao
ID: 13755802
Another thought... does your DSL provider require PPPoE login?  If so, you must set your router's MTU (Max Transmission Unit) from 1500 to 1452 to allow for the PPPoE overhead.
0
 
LVL 8

Accepted Solution

by:
ViRoy earned 1500 total points
ID: 13757107


delete and re-create the VPN connections while connected to DSL.
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 13758237
The FVS318 (and all other current models of Netgear) will support IPSEC passthrough without changing the config.  However, you'll need to open TCP/1723 outbound to allow through PPTP.
I've a Netgear at home, running latest firmware, and I had to change NOTHING to get my client>site IPSEC VPN client working so I could connect to my work office.
I would suspect the ISP (or something else) is maybe dropping GRE ?
You could run www.ethereal.com on your VPN Client laptop and take a network trace, and work out what's going on ?
Maybe the central VPN server has some sort of firewalling on it - do you have to let your admin know your new IP address ?
0
 
LVL 2

Expert Comment

by:Vladan_MOBTEL
ID: 13762496
When you say VPN, Jimmy, I guess that you set up site-to-site VPN. If the other end does not recognise you (you do have static address, but it is not the same as the first one, probably) you will not get VPN up. Who is managing the other end of the VPN tunnel?

Or, you are just using PPTP or something similar as the client on your machine, and you use DSL just to get access to the Internet (then you do not need fixed IP address, or the other end has to know your new IP address, again...)? You could see if the packets are passing the Netgear from its log?

Vladan

0

Featured Post

[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will show how Aten was able to supply easy management and control for Artear's video walls and wide range display configurations of their newsroom.
This article will show you step-by-step instructions to build your own NTP CentOS server.  The network diagram shows the best practice to setup the NTP server farm for redundancy.  This article also serves as your NTP server documentation.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question