Solved

GRE not being opened for VPN access any more

Posted on 2007-11-17
5
1,337 Views
Last Modified: 2008-05-31
For some reason after reinstalling the Windows server (after a total array failure) the system will no longer allow incoming VPN connections due to failing to allow in GRE packets, from memory all settings for the VPN (Routing & Remote Access) are the same..

The firewall & NAT rules are all ok as it can make a connection to log this message on the server and (PPTP) GRE IS enabled (as well as L2TP) to the same internal IP addresses.

Event Type:      Warning
Event Source:      Rasman
Event Category:      None
Event ID:      20209
Date:            17/11/2007
Time:            9:54:36 p.m.
User:            N/A
Computer:      SERVER
Description:
A connection between the VPN server and the VPN client (**remote IP address**) has been established, but the VPN connection cannot be completed. The most common cause for this is that a firewall or router between the VPN server and the VPN client is not configured to allow Generic Routing Encapsulation (GRE) packets (protocol 47). Verify that the firewalls and routers between your VPN server and the Internet allow GRE packets. Make sure the firewalls and routers on the user's network are also configured to allow GRE packets. If the problem persists, have the user contact the Internet service provider (ISP) to determine whether the ISP might be blocking GRE packets.

0
Comment
Question by:kiwistag
  • 2
  • 2
5 Comments
 
LVL 11

Accepted Solution

by:
tvman_od earned 150 total points
ID: 20305828
Is there a chance that the problem is on client's side? Besides that, try to disable firewall for a moment just to make sure you didn't overlooked anything.
0
 
LVL 6

Author Comment

by:kiwistag
ID: 20305881
Client: Dialup with & without firewall.
Server (Router): With & without firewall.
Recreated RRAS Setup, all without any luck.

I have one of the 2 active adaptors set up in a HP LAN Team also. (3 physical adaptors - 2 in team, 1 standalone).
0
 
LVL 11

Assisted Solution

by:tvman_od
tvman_od earned 150 total points
ID: 20305927
Did you try to make a connection from the same LAN? I believe that teaming is configured correctly, otherwise it would cause major connectivity problems.
0
 
LVL 1

Assisted Solution

by:sveashwar
sveashwar earned 50 total points
ID: 20306551
try to check weather pptp-gre port is open using nmap/telnet and start there
0
 
LVL 6

Author Comment

by:kiwistag
ID: 20306649
Sorted.
It turned out that my router by default denied outgoing GRE, AH & ESP protocols.

This in conjunction with a problem with the setup of the Routing & Remote Access service created 2 variables to the one problem.
0

Join & Write a Comment

Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now