Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


VPN Randomly Crashes SBS2003

Posted on 2006-06-05
Medium Priority
Last Modified: 2013-11-16
I am having problems with sustaing a VPN connection to SBS 2003  through Bigpond ADSL using Siemens Speedstream 4200 modem and then through a D-Link 624s router. I have setup the router to forward the pptp ports to the server and enabled the VPN pass through in the router settings.

I can connect for a random amount of time and everything works fine but then the connection drops and I can't reconnect. The only way I have found around this to reboot the router.
The adsl modem is set to bridge mode so the router manages everything such as username and password!

Have tried testing with Microsoft's support tool pptpsrv.exe and pptpclnt.exe and they can connect fine but the GRE packets do not get received when connecting from outside the network. Connecting through the VPN internally everything works perfect.

Thanks in advanced!

Question by:crossfireit
  • 4
  • 2
LVL 78

Expert Comment

by:Rob Williams
ID: 16842310
I assume while briefly connected you can access a share? If so, it sounds like the VPN is configured correctly. You might want to try adjusting the MTU (Maximum Transmission Unit) packet size on the connecting PC and it's local router. An explanation of the problem, testing procedure, and DrTCP tool to adjust, are included in the following links:


Author Comment

ID: 16884089
I have tried adjusting the MTU size on both client and server routers and this sadly doesnt make any difference. BTW the connection process stalls at 'Verifying username and password' and then I get the vpn error 721 ...
LVL 78

Expert Comment

by:Rob Williams
ID: 16884874
You mentioned "I can connect for a random amount of time and everything works fine but then the connection drops " and in your second post "BTW the connection process stalls at 'Verifying username and password' and then I get the vpn error 721 "

Are you actually able to make a connection and view a share or do you mean it says there is a connection and then the 721 error before accessing a share ?
Managing Security & Risk at the Speed of Business

Gartner Research VP, Neil McDonald & AlgoSec CTO, Prof. Avishai Wool, discuss the business-driven approach to automated security policy management, its benefits and how to align security policy management with business processes to address today's security challenges.


Author Comment

ID: 16885010
When I can connect, I can access shares and do everything a vpn allows perfectly. When I can't connect it breaks at 'Verifying username and password' and receiver error 721
LVL 78

Accepted Solution

Rob Williams earned 1500 total points
ID: 16885484
Sorry I have no other suggestions unless some how a software firewall is being turned on some times. A 721 error is most often due to blocked GRE packets. You have allowed this with "VPN pass-through", and there is no reason, other than a flaky router or software firewall, to sometimes block GRE. Lost connections as suggested earlier are often due to MTU settings.

No chance there is a second VPN set up on your network? Many routers have limits as to how many simultaneous tunnels they will support. Many only allow 1, I believe a couple of the D-Links allow 5, but almost all have a limit.

Expert Comment

ID: 16886846

The error comes if GRE 47 is blocked which is used with TCP 1723 to make VPN connection.

I have some question on the setup you have.

1. The SBS Server comes with ISA Server, Is it installed on the server.
2. The Router D-Link 624s has Firewall feature in it, Are you using this feature.
3. Have you intslled SBS 2003 SP1 on it.

If you have ISA Server installed on the SBS, try to configure the VPN from the ISA server console. If the Firewall on the D-Link 624s is OFF use PPTP Ping utility or the Rasdiag.Exe tool in the Support tool to check the VPN connection. These tools will tell you exactly what is happening when you are creating the VPN.

If you have installed SP1 Please refer to the following article.


Though it talkes about ISA 2000, the change can be applied on Non ISA servers as well.

Hope this helps
LVL 78

Expert Comment

by:Rob Williams
ID: 17232568
Thanks crossfireit,

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you’re involved with your company’s wide area network (WAN), you’ve probably heard about SD-WANs. They’re the “boy wonder” of networking, ostensibly allowing companies to replace expensive MPLS lines with low-cost Internet access. But, are they …
This article explains the fundamentals of industrial networking which ultimately is the backbone network which is providing communications for process devices like robots and other not so interesting stuff.
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question