I have 2 people who get an error 721 if either one of the 2 people are connected.


I have 2 people who authenticate to a Windows 2000 VPN server. Both client systems are Windows XP.  I have them set up to connect via a unique static IP address, which works fine if one or the other is not connected.  If either one is connected, the other one gets an error 721.  No one else of the potential 18 VPN users have any problems.  Do you have any suggestions as to what can cause this?  All help greatly appreciated!
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Could it be a duplicate computer name?
Robert Sutton JrSenior Network ManagerCommented:
There could be a few different reasons, but im thinking you are using PPTP? Is this correct? If so, read below...

> ports 1723 and 47
It's not port 47, it is protocol #47, GRE that needs to be forwarded. Since GRE has no concept of ports, you can't forward it to an inside host on the low-end routers like the Netopia.

Microsoft VPN Network Server

Microsoft's story:
PPTP traffic consists of a TCP connection for tunnel maintenance and GRE encapsulation for tunneled data. The TCP connection is NAT-translatable because the source TCP port numbers can be transparently translated. However, the GRE-encapsulated data is not NAT-translatable

From Cisco documentation:
Because the connection is initiated as TCP on one port and the response is GRE protocol, it is necessary to configure ACLs to allow the return traffic into the PIX, as the PIX Adaptive Security Algorithm (ASA) does not know the traffic flows are related. PPTP through the PIX with NAT (one-to-one address mapping) works because the PIX uses the port information in the TCP or User Datagram Protocol (UDP) header to keep track of translation. PPTP through the PIX with Port Address Translation (PAT) does not work because there is no concept of ports in GRE.

Setting up VPN server behind ICS system:


VPN w/ 2003 Server

Please read this post:
jmattson30Author Commented:
Hi jlanderson1, The computer names are different.  

Hi Warlock, if there was any problem with the Gre or 1723 port which is open on both as all other VPN uses can connect fine.  The 2 people in question are only denied when one or the other individual is already connected.  I also have more PPTP ports available than I have users, so that would not be an issue either. Do you have any others suggestions?
What were the top attacks of Q1 2018?

The Threat Lab team analyzes data from WatchGuard’s Firebox Feed, internal and partner threat intelligence, and a research honeynet, to provide insightful analysis about the top threats on the Internet. Check out our Q1 2018 report for smart, practical security advice today!

Robert Sutton JrSenior Network ManagerCommented:
Map them to different ports.?? I would try anything at this point, but Im still leaning towards PPTP with the error:721

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jmattson30Author Commented:
Although the problem was not about ports, it did have to do with PPTP in that the VPN connection was set for Automatic and not PPTP as it was supposed to be.  This seemed to have solved the problem.
Robert Sutton JrSenior Network ManagerCommented:
Im glad I could point you in the right direction. Typically any 721 error points to PPTP. If it wasn't evident at first look, always go back and double check the settings.... Im glad you have it working now.
jmattson30Author Commented:
Thanks again!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.