jah86992
asked on
IP PROTOCOL 47 (GRE)
I have a Netgear FVS318 router/firewall with all the correct ports forwarded as well as I can check. My problem consists of the following. I use to have satelite broadband that is supported by Ground Control internet services. All of my connections to external sites worked on this solution but were very slow. I upgraded to DSL as it became available in my area. When I switched to DSL with a static ip, (Also had a static IP with the satelite service), any existing VPN connection that I had stopped working. I connect to several different offices that are VPN capable. I know that I can hook back up to the satelite service and the VPN's will start working again. When I try to connect with the DSL service I get an error 721 when trying to to verify the username and password. Is this a IP PROTOCOL 47 (GRE) error. I need help!! How do I configure this protocol in this router. Any assistance would be greatly appreciated because I can not function when I can not connect to these remote offices.
Thanks in Advance,
Jimmy Hanks
Thanks in Advance,
Jimmy Hanks
WHich ISP do you have?
I found with earthlink.net that i could connect however i could not transfer any encrypted packets... Because they locked down the IP type the GRE needs to transfer data.
I believe you may also encounter this problem. I had to call earthlink and ask them if they blocked anything...
I was using a netscreen vpn solution and not the standard DUN that you are using.
Robert
I found with earthlink.net that i could connect however i could not transfer any encrypted packets... Because they locked down the IP type the GRE needs to transfer data.
I believe you may also encounter this problem. I had to call earthlink and ask them if they blocked anything...
I was using a netscreen vpn solution and not the standard DUN that you are using.
Robert
Are you using L2TP or PPTP for VPN? PPTP uses the GRE protocol (#47) but sometimes uses port "0" to communicate. In other words, opening TCP/UDP IP protocols are fine on port 1723, but try also opening port "0".
Option 1:
Open TCP and UDP on port 1723
Open UDP and GRE on port 0
(TCP protocol # is: 6)
(UDP protocol # is: 17)
Option 2:
If you switched to DSL and have a Linksys or similar router, you may need to mark the checkbox that says "Allow PPTP passthrough" in the properties.
DS
Option 1:
Open TCP and UDP on port 1723
Open UDP and GRE on port 0
(TCP protocol # is: 6)
(UDP protocol # is: 17)
Option 2:
If you switched to DSL and have a Linksys or similar router, you may need to mark the checkbox that says "Allow PPTP passthrough" in the properties.
DS
ASKER
I am using a Netgear FVS318 with version 2.4 (latest) firmware. This router will not allow me to open up GRE protocols. I tried to open port 0 and it said I must enter a value greater than 0. My ISP is a local telephone provider and I have called tech support with the problem. I have got a hardware VPN that is configured between 2 Netgear FVS318s and this seems to work fine. Opening protocol 6 & 17 did not help. I seem to be at a stand still. The DSL modem that is being used is a SpeedStream 5100 and it is set to bridge mode so there are no setups to change in the modem. Anymore suggestions. I am at a loss.
Jimmy Hanks
Jimmy Hanks
What happens if you bypass the router? I.e. try plugging directly into the modem to figure out if "bridged" mode is killing us or if it's the Netgear.
Another thought... does your DSL provider require PPPoE login? If so, you must set your router's MTU (Max Transmission Unit) from 1500 to 1452 to allow for the PPPoE overhead.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
The FVS318 (and all other current models of Netgear) will support IPSEC passthrough without changing the config. However, you'll need to open TCP/1723 outbound to allow through PPTP.
I've a Netgear at home, running latest firmware, and I had to change NOTHING to get my client>site IPSEC VPN client working so I could connect to my work office.
I would suspect the ISP (or something else) is maybe dropping GRE ?
You could run www.ethereal.com on your VPN Client laptop and take a network trace, and work out what's going on ?
Maybe the central VPN server has some sort of firewalling on it - do you have to let your admin know your new IP address ?
I've a Netgear at home, running latest firmware, and I had to change NOTHING to get my client>site IPSEC VPN client working so I could connect to my work office.
I would suspect the ISP (or something else) is maybe dropping GRE ?
You could run www.ethereal.com on your VPN Client laptop and take a network trace, and work out what's going on ?
Maybe the central VPN server has some sort of firewalling on it - do you have to let your admin know your new IP address ?
When you say VPN, Jimmy, I guess that you set up site-to-site VPN. If the other end does not recognise you (you do have static address, but it is not the same as the first one, probably) you will not get VPN up. Who is managing the other end of the VPN tunnel?
Or, you are just using PPTP or something similar as the client on your machine, and you use DSL just to get access to the Internet (then you do not need fixed IP address, or the other end has to know your new IP address, again...)? You could see if the packets are passing the Netgear from its log?
Vladan
Or, you are just using PPTP or something similar as the client on your machine, and you use DSL just to get access to the Internet (then you do not need fixed IP address, or the other end has to know your new IP address, again...)? You could see if the packets are passing the Netgear from its log?
Vladan
Error 721: Remote PPP peer is not responding.
This error should only occur due to a glitch on the ISP's end. Reconnecting should fix it. If it occurs regularly and there is no problem at the ISP, reinstall DUN/RAS
/TT