Asked by ksquyres

SBS 2003 giving event 20209 VPN authentication failure from GRE packets being blocked.

I have a SBS 2003 server with ISA 2004 and I just started getting the VPN authentication failures relating to GRE packet blocking where it logs Event 20209 errors. It says the most common cause is the blocking of GRE packets. I have exhausted all the troubleshooting threads I have found. I get the errors when connecting from outside or from within the local network, ruling out ISP issues. The local client and the remote client workstations I am using to test can both connect to a similar SBS 2003 server that I manage so I know the clients are ok.

I have just completed another round of reconfiguring RRAS and am still not successful. I disabled RRAS, ran the CEICW wizard to remove the VPN configuration, deleted from ISA any filters that were VPN related, restarted the server, reran CEICW wizard to configure VPN, reran the Configure Remote Access wizard, all successful. The error continues. I can run ISA logging for the local client by IP and can see the VPN connection attempt. It connects to port 1723 with PPTP, another connection to port 0 with PPTP, then times out and closes the connection, leaving the 20209 error in the event log. I have not found how to monitor the GRE packets in the ISA 2004 filtering.

I have a SBS 2003 SP2, ISA 2004 SP3, automatic updates is off. VPN has been working for years until about 2 weeks ago. No updates were applied or changes made, it just quit. It is a dual NIC server with the external NIC directly on the Internet. There are no other routers. My primary testing at this point is from the local client to avoid any ISP questions, so it is some issue with ISA or RRAS. I have been through the numerous threads on this in the Experts Exchange forum (and many other sites I have found) but I have not found success yet.

pwindell

This solution is only available to members.

ksquyres

I will try your suggestion this weekend. I have had ISA break before where nothing short of a fresh reinstall got it back again.
Once all is back to normal, just enable Remote Access VPN access in the ISA MMC and it will "just work", least it does in a normal ISA installation. If it does not work then... then the question should be targeted specifically at "SBS people".
Disabled RRAS, uninstalled ISA 2004, restarted, reinstalled ISA, updated to SP3. Ran connect to Internet wizard and enabled VPN access. Ran remote access wizard. You were correct, it just works. Imported special filters exported from ISA earlier and back in business. Thanks
Very good sir!
You're welcome.
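
As an added example (not part of the original thread and not any poster's code), this is one way to check a packet capture for the pattern the question describes: a PPTP control connection on TCP 1723 whose GRE (IP protocol 47) data packets are missing in one or both directions. It assumes raw IPv4 packets with link-layer headers already stripped; the addresses, sample packets and function names are constructed for illustration.

```python
import struct

PPTP_TCP_PORT = 1723              # PPTP control channel
IPPROTO_TCP, IPPROTO_GRE = 6, 47  # GRE has no ports, only an IP protocol number
PPTP_GRE_PROTO = 0x880B           # protocol type in PPTP's enhanced GRE header (RFC 2637)

def ipv4(src, dst, proto, payload):
    """Build a minimal IPv4 packet (checksum left 0) for the constructed samples."""
    addr = lambda a: bytes(int(x) for x in a.split("."))
    hdr = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0)
    return hdr + addr(src) + addr(dst) + payload

def classify(pkt):
    """Return (source address, kind); kind is 'control', 'gre' or None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None, None                      # not IPv4 or truncated
    ihl = (pkt[0] & 0x0F) * 4
    src = ".".join(str(b) for b in pkt[12:16])
    body = pkt[ihl:]
    if pkt[9] == IPPROTO_TCP and len(body) >= 4:
        sport, dport = struct.unpack("!HH", body[:4])
        return src, ("control" if PPTP_TCP_PORT in (sport, dport) else None)
    if pkt[9] == IPPROTO_GRE and len(body) >= 4:
        flags_ver, ptype = struct.unpack("!HH", body[:4])
        if flags_ver & 0x7 == 1 and ptype == PPTP_GRE_PROTO:  # enhanced GRE, version 1
            return src, "gre"
    return src, None

def diagnose(packets, client, server):
    """Summarise which legs of a PPTP attempt appear in the capture."""
    seen = {(src, kind) for src, kind in map(classify, packets) if kind}
    if (client, "control") not in seen:
        return "no PPTP control connection from client"
    c_gre, s_gre = (client, "gre") in seen, (server, "gre") in seen
    return {(True, True): "GRE flows both ways",
            (True, False): "client GRE seen, no server GRE",
            (False, True): "server GRE seen, no client GRE",
            (False, False): "control channel only, no GRE"}[c_gre, s_gre]

# Constructed sample capture (documentation-range addresses, not from the thread).
CLIENT, SERVER = "192.0.2.10", "192.0.2.1"
tcp = lambda sp, dp: struct.pack("!HH", sp, dp) + bytes(16)
gre = struct.pack("!HHHHI", 0x3001, PPTP_GRE_PROTO, 0, 1, 0)
FAILING = [ipv4(CLIENT, SERVER, IPPROTO_TCP, tcp(49152, 1723)),
           ipv4(SERVER, CLIENT, IPPROTO_TCP, tcp(1723, 49152)),
           ipv4(CLIENT, SERVER, IPPROTO_GRE, gre)]
WORKING = FAILING + [ipv4(SERVER, CLIENT, IPPROTO_GRE, gre)]
```

Running `diagnose` on captures taken at both the client and the server shows on which side the GRE packets disappear.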