• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 519
  • Last Modified:

SBS 2003 VPN stopped working

SBS 2003 server, SP2 & all patches. VPN client access has been working fine for two or three years. Now, without any recent changes, updtaes, patches, VPN clients cannot connect.

The server logs RASMAN error 20209:

Event Type:      Warning
Event Source:      Rasman
Event Category:      None
Event ID:      20209
Date:            5/09/2011
Time:            8:04:28 PM
User:            N/A
Computer:      COMPUTERNAME
Description:
A connection between the VPN server and the VPN client xxx.xxx.xxx.xxxhas been established, but the VPN connection cannot be completed. The most common cause for this is that a firewall or router between the VPN server and the VPN client is not configured to allow Generic Routing Encapsulation (GRE) packets (protocol 47). Verify that the firewalls and routers between your VPN server and the Internet allow GRE packets. Make sure the firewalls and routers on the user's network are also configured to allow GRE packets. If the problem persists, have the user contact the Internet service provider (ISP) to determine whether the ISP might be blocking GRE packets.

Restarted the service & the server. Disabled & re-enabled remote access via the wizard. I can establish a VPN over the LAN, but not from the net. Tried from more than one client.

Changed the router, same deal.

I've got a bunch of sites in the same configuration with the same routers, no problem.

Any ideas?
0
snooflehammer
Asked:
snooflehammer
  • 4
  • 2
1 Solution
 
karllangstonSenior Technical ConsultantCommented:
are your routers passing all vpn traffic through to the server or do your routers also hadle vpn's?
0
 
snooflehammerAuthor Commented:
Passing only the ports required. In the case of VPN port 1723 (PPTP) is port-forwarded to the server. This is all that is required for VPN access to SBS
0
 
DaeltCommented:
Verify your router is VPN passthrough and check the option if there is one, then make sure your router forward port 1723 (pptp) and port 47 (GRE) to the server on the router settings.

0
Cloud Class® Course: Certified Penetration Testing

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

 
snooflehammerAuthor Commented:
It's passthrough-compliant. It's been working OK for 3 years. This is not the issue.
0
 
DaeltCommented:
Did you check with your Internet service provider if they didnt change anything in your main router or blocked any port on your connection?
0
 
snooflehammerAuthor Commented:
The router was faulty. Just stopped allowing the traffic. Changed the router
0
 
snooflehammerAuthor Commented:
as posted
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now