Problems Logon on Ras Server

  • Thread starter Thread starter Roberto Fabbri
  • Start date Start date
R

Roberto Fabbri

Hi

i have a win 2k SP4 server with ras configured as vpn server.
This server is connected via DSL to the internet and has
a private address associated with nat on a public ip address.
The nat is done on the router.

This server correctly responds to ping from outside the lan.

On my firewall ,I have open ports for PPTP and GRE.

The user id I use to try logon is enabled for dial in connection.

When i try to connect a client using a Dial up or another dsl line
i get an error (721) after trying authentication.

Is there something else that i must check for ?

Thank you
Roberto
 
Roberto said:
Hi

i have a win 2k SP4 server with ras configured as vpn server.
This server is connected via DSL to the internet and has
a private address associated with nat on a public ip address.
The nat is done on the router.

This server correctly responds to ping from outside the lan.

On my firewall ,I have open ports for PPTP and GRE.

The user id I use to try logon is enabled for dial in connection.

When i try to connect a client using a Dial up or another dsl line
i get an error (721) after trying authentication.

Is there something else that i must check for ?

Thank you
Roberto
Click to expand...

Certainly sounds like a GRE issue. GRE is not a port. It is an IP
protocol (protocol 47). The data is encrypted then encapsulated with a
modified GRE header. If GRE is blocked (by the DSL NAT device or anything
else in the path), no data is transferred across the link and it closes.
 
Thank you for answer Bill,

my Router Zyxel 652 , is also a firewall.
In the the protocols list that i enable to pass trought firewall check ,
this router includes
an item called PPTP_TUNNEL GRE:0.

So i thought that it would be enough to work.

If it isn't so , what am i to do to make ras work ?

Thank You
Roberto.
 
That sounds like the right item. Does that mean allow nothing or block
nothing?

For the VPN connection to work GRE must be allowed in both directions
(ie client to server and server to client). The data is encrypted and
encapsulated both ways.
 
Back
Top