Posted on 2005-04-11
Last Modified: 2008-01-09
I have a Netgear FVS318 router/firewall with all the correct ports forwarded as well as I can check. My problem consists of the following. I use to have satelite broadband that is supported by Ground Control internet services. All of my connections to external sites worked on this solution but were very slow. I upgraded to DSL as it became available in my area. When I switched to DSL with a static ip, (Also had a static IP with the satelite service), any existing VPN connection that I had stopped working. I connect to several different offices that are VPN capable. I know that I can hook back up to the satelite service and the VPN's will start working again. When I try to connect with the DSL service I get an error 721 when trying to to verify the username and password. Is this a IP PROTOCOL 47 (GRE) error. I need help!! How do I configure this protocol in this router. Any assistance would be greatly appreciated because I can not function when I can not connect to these remote offices.

Thanks in Advance,
Jimmy Hanks
Question by:jah86992
    LVL 7

    Expert Comment

    Try this one and let me know

    Error 721: Remote PPP peer is not responding.

    This error should only occur due to a glitch on the ISP's end. Reconnecting should fix it. If it occurs regularly and there is no problem at the ISP, reinstall DUN/RAS


    Expert Comment

    WHich ISP do you have?

    I found with that i could connect however i could not transfer any encrypted packets...  Because they locked down the IP type the GRE needs to transfer data.

    I believe you may also encounter this problem. I had to call earthlink and ask them if they blocked anything...

    I was using a netscreen vpn solution and not the standard DUN that you are using.

    LVL 1

    Expert Comment

    Are you using L2TP or PPTP for VPN?  PPTP uses the GRE protocol (#47) but sometimes uses port "0" to communicate.  In other words, opening TCP/UDP IP protocols are fine on port 1723, but try also opening port "0".

    Option 1:

    Open TCP and UDP on port 1723
    Open UDP and GRE on port 0

    (TCP protocol # is: 6)
    (UDP protocol # is: 17)

    Option 2:
    If you switched to DSL and have a Linksys or similar router, you may need to mark the checkbox that says "Allow PPTP passthrough" in the properties.


    Author Comment

    I am using a Netgear FVS318 with version 2.4 (latest) firmware. This router will not allow me to open up GRE protocols. I tried to open port 0 and it said I must enter a value greater than 0. My ISP is a local telephone provider and I have called tech support with the problem. I have got a hardware VPN that is configured between 2 Netgear FVS318s and this seems to work fine. Opening protocol 6 & 17 did not help. I seem to be at a stand still. The DSL modem that is being used is a SpeedStream 5100 and it is set to bridge mode so there are no setups to change in the modem. Anymore suggestions. I am at a loss.

    Jimmy Hanks
    LVL 1

    Expert Comment

    What happens if you bypass the router?  I.e. try plugging directly into the modem to figure out if "bridged" mode is killing us or if it's the Netgear.
    LVL 1

    Expert Comment

    Another thought... does your DSL provider require PPPoE login?  If so, you must set your router's MTU (Max Transmission Unit) from 1500 to 1452 to allow for the PPPoE overhead.
    LVL 8

    Accepted Solution


    delete and re-create the VPN connections while connected to DSL.
    LVL 23

    Expert Comment

    by:Tim Holman
    The FVS318 (and all other current models of Netgear) will support IPSEC passthrough without changing the config.  However, you'll need to open TCP/1723 outbound to allow through PPTP.
    I've a Netgear at home, running latest firmware, and I had to change NOTHING to get my client>site IPSEC VPN client working so I could connect to my work office.
    I would suspect the ISP (or something else) is maybe dropping GRE ?
    You could run on your VPN Client laptop and take a network trace, and work out what's going on ?
    Maybe the central VPN server has some sort of firewalling on it - do you have to let your admin know your new IP address ?
    LVL 2

    Expert Comment

    When you say VPN, Jimmy, I guess that you set up site-to-site VPN. If the other end does not recognise you (you do have static address, but it is not the same as the first one, probably) you will not get VPN up. Who is managing the other end of the VPN tunnel?

    Or, you are just using PPTP or something similar as the client on your machine, and you use DSL just to get access to the Internet (then you do not need fixed IP address, or the other end has to know your new IP address, again...)? You could see if the packets are passing the Netgear from its log?



    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Join & Write a Comment

    Lets look at the default installation and configuration of FreeProxy 4.10 REQUIREMENTS 1. FreeProxy 4.10 Application - Can be downloaded here ( 2. Ensure that you disable the windows fi…
    #Citrix #Citrix Netscaler #HTTP Compression #Load Balance
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    24 Experts available now in Live!

    Get 1:1 Help Now