Cannot establish a VPN connection - Event ID 20209

We have had our VPN setup and working for quite some time. All employees off-site can still successfully connect to the VPN except for one who is out of state. She is at a conference and everytime she tries to connect to the VPN she generates one of these warnings in the eventlog. She claims that there are people there from other companies and they are able to get on their VPNs. So it sounds like the issue is on our side, but if everyone else can connect to the VPN, where is the difference? Please help me find where the issue resides.

Windows Server 2003, Windows XP Pro laptop

Event Type:      Warning
Event Source:      Rasman
Event Category:      None
Event ID:      20209
Computer:      MYSERVER
Description:
A connection between the VPN server and the VPN client 68.248.117.2 has been established, but the VPN connection cannot be completed. The most common cause for this is that a firewall or router between the VPN server and the VPN client is not configured to allow Generic Routing Encapsulation (GRE) packets (protocol 47). Verify that the firewalls and routers between your VPN server and the Internet allow GRE packets. Make sure the firewalls and routers on the user's network are also configured to allow GRE packets. If the problem persists, have the user contact the Internet service provider (ISP) to determine whether the ISP might be blocking GRE packets.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
donvfpAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Todd GerbertIT ConsultantCommented:
If she's behind a consumer-grade router with NAT enabled, then it would probably only allow 1 VPN connection at a time (because GRE doesn't use the notion of port numbers like TCP the router can only handle one internal computer using it at a time).
AmirchoupaniCommented:
Tell her to disable all Firewalls, Anti-viruses ,... programs and try again. If successful, so add a rule that allows VPN session. (pptp=tcp 1723   -  L2TP=udp 1701 - udp=500 - IP protocol=47)
donvfpAuthor Commented:
She is in a hotel at this conference and more than one person is able to connect to their vpn at a time.
So I don't think it's being limited on her end.

I have enabled IPsec, L2TP over IPsec, and PPTP.
I have also added rules in the firewall to allow TCP 1723, UDP 1701, and UDP 500.

I asked her to try to connect again and she is still getting error 721.
CompTIA Network+

Prepare for the CompTIA Network+ exam by learning how to troubleshoot, configure, and manage both wired and wireless networks.

AmirchoupaniCommented:
in a hotel means she uses a public PC? I meant on her laptop.
Todd GerbertIT ConsultantCommented:
Well, I would tend to think that so long as you can connect any clients to your VPN (especially if it has been working for some time and you haven't made any changes), and her computer also was able to connect and no changes were made to it, then the only other unknown is the hotels routers.

Given that some people are able to connect I might guess that A) They're not connecting to a VPN, maybe using RPC over HTTP, e.g. (I know my users can barely spell VPN, much less know whether they're connected or not), B) either some others, or your person, are connected to the wrong router (maybe a nearby house/apartment), or C) others at the hotel are using other VPN clients that don't depend on GRE (I'm only familiar with PPTP, so I don't know how likely that is) or D) The hotel's got a half-decent router but still has a limit that's being reached as far as the number of GRE connections it can keep track of.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
donvfpAuthor Commented:
She is not using a public PC. She is using a company supplied laptop that she has brought to other off-site locations and has been able to connect to the VPN just fine in the past.

I believe tgerbert has got it right.
We haven't made any changes to the vpn or to the settings on her computer. The hotel is the unknown factor.
The other people probably are connecting through third party vpn software or not using a vpn at all.

It's just frustrating that's all.
AmirchoupaniCommented:
Did you check or told her to check her laptop? maybe she has recently installed or enabled a firewall.
donvfpAuthor Commented:
I am accepting this as a solution since it is the best explanation of what was probably happening.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Networking

From novice to tech pro — start learning today.