Cannot establish a VPN connection - Event ID 20209
We have had our VPN setup and working for quite some time. All employees off-site can still successfully connect to the VPN except for one who is out of state. She is at a conference and everytime she tries to connect to the VPN she generates one of these warnings in the eventlog. She claims that there are people there from other companies and they are able to get on their VPNs. So it sounds like the issue is on our side, but if everyone else can connect to the VPN, where is the difference? Please help me find where the issue resides.
Windows Server 2003, Windows XP Pro laptop
Event Type: Warning
Event Source: Rasman
Event Category: None
Event ID: 20209
Computer: MYSERVER
Description:
A connection between the VPN server and the VPN client 68.248.117.2 has been established, but the VPN connection cannot be completed. The most common cause for this is that a firewall or router between the VPN server and the VPN client is not configured to allow Generic Routing Encapsulation (GRE) packets (protocol 47). Verify that the firewalls and routers between your VPN server and the Internet allow GRE packets. Make sure the firewalls and routers on the user's network are also configured to allow GRE packets. If the problem persists, have the user contact the Internet service provider (ISP) to determine whether the ISP might be blocking GRE packets.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Windows Server 2003, Windows XP Pro laptop
Event Type: Warning
Event Source: Rasman
Event Category: None
Event ID: 20209
Computer: MYSERVER
Description:
A connection between the VPN server and the VPN client 68.248.117.2 has been established, but the VPN connection cannot be completed. The most common cause for this is that a firewall or router between the VPN server and the VPN client is not configured to allow Generic Routing Encapsulation (GRE) packets (protocol 47). Verify that the firewalls and routers between your VPN server and the Internet allow GRE packets. Make sure the firewalls and routers on the user's network are also configured to allow GRE packets. If the problem persists, have the user contact the Internet service provider (ISP) to determine whether the ISP might be blocking GRE packets.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Todd Gerbert
If she's behind a consumer-grade router with NAT enabled, then it would probably only allow 1 VPN connection at a time (because GRE doesn't use the notion of port numbers like TCP the router can only handle one internal computer using it at a time).
Tell her to disable all Firewalls, Anti-viruses ,... programs and try again. If successful, so add a rule that allows VPN session. (pptp=tcp 1723 - L2TP=udp 1701 - udp=500 - IP protocol=47)
ASKER
She is in a hotel at this conference and more than one person is able to connect to their vpn at a time.
So I don't think it's being limited on her end.
I have enabled IPsec, L2TP over IPsec, and PPTP.
I have also added rules in the firewall to allow TCP 1723, UDP 1701, and UDP 500.
I asked her to try to connect again and she is still getting error 721.
So I don't think it's being limited on her end.
I have enabled IPsec, L2TP over IPsec, and PPTP.
I have also added rules in the firewall to allow TCP 1723, UDP 1701, and UDP 500.
I asked her to try to connect again and she is still getting error 721.
in a hotel means she uses a public PC? I meant on her laptop.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
She is not using a public PC. She is using a company supplied laptop that she has brought to other off-site locations and has been able to connect to the VPN just fine in the past.
I believe tgerbert has got it right.
We haven't made any changes to the vpn or to the settings on her computer. The hotel is the unknown factor.
The other people probably are connecting through third party vpn software or not using a vpn at all.
It's just frustrating that's all.
I believe tgerbert has got it right.
We haven't made any changes to the vpn or to the settings on her computer. The hotel is the unknown factor.
The other people probably are connecting through third party vpn software or not using a vpn at all.
It's just frustrating that's all.
Did you check or told her to check her laptop? maybe she has recently installed or enabled a firewall.
ASKER
I am accepting this as a solution since it is the best explanation of what was probably happening.