New VPN Server setup and stopped at 'Verifying username and password'

  • Thread starter Thread starter J.H
  • Start date Start date
J

J.H

Hi all,

I have a Windows 2003 VPN server with 2 NIC (no firewall on Internet Public
Interface)

NIC1 = Internet (with Internet domain name, resolved!!)
NIC2 = Private to 192.168.1.x

Static IP range configured!!
Static route add 0.0.0.0 --> 192.168.1.1 (our router in private site!!)


Problem:

- whenever from outside trying to establish VPN connection by trying to
connect to the NIC1, it always stops at 'Verifying Username and Password'
and then the error '721' appearing!!!

Any one help!!

Thanks,
jake
 
If you want to connect to the public IP of this server by VPN, the
default route of the machine must be back out to the Internet from the
public interface, not to some other router. The VPN client will expect to
get a reply from the same IP as it sent the request to (not a reply from
some other device such as your router).
 
Hi Bill,

Thanks for your response!!
------------------------------------------------------------------
Actually in my question that I have an Internet Public Interface on the VPN
server!!!
The architecture like this:

--66.159.x.x1-- Linksys Router __ (192.168.1.x)
Internet ---
--66.159.x.x2--Win2K3VPN ----(another NIC goes to
192.168.1.x)


- I configured every thing pretty much in default. And every time from
Internet
we tried to connect to the VPN server's Internet interface, on client side,
it was
stopped right on 'Verifying Username & Password'...and then error "721".

Please help if any one can give just a little hint or a way to go to
resolve!!!


Thanks!!
J.H
 
In that case, the router is probably blocking GRE.

All data exchanged between the client and server is encrypted, then
enclosed in a packet with a GRE (Generic Routing Encapsulation) header. If
anything in the path (such as a router or firewall) blocks GRE (which is IP
protocol 47), no data will pass and the connection will fail with a 721
error.

Check that your router allows GRE in both directions. It may be shown by
name (GRE), by protocol number (IP 47) or even as PPTP pass-through mode.
 
Back
Top