PC Review


Reply
Thread Tools Rate Thread

Error 721 - 1 NIC Configuration

 
 
=?Utf-8?B?QWwgU3RlcGhlbnNvbg==?=
Guest
Posts: n/a
 
      3rd Nov 2005
Hi All!

I have a Windows 2003 server 1 NIC that I cannot connect any clients too. I
have checked and rechecked the firewall and it is routing the vpn client
traffic properly to the server running RAS. I believe the problem is a
routing problem on the server.

In the IPRouterManager file I have an error message that says
ProcessDefaultRouteChanges: Not default route <ip address of VPN client>

Has anyone ran into this before...I have disabled and reconfigured the RAS
service more times than I would want to admit to....

Thanks in advance for your help...
 
Reply With Quote
 
 
 
 
Bill Grant
Guest
Posts: n/a
 
      4th Nov 2005
Can you connect from a client machine on the LAN? If you can, the
problem is probably not on the server.

As well as forwarding tcp port 1723, the firewall must not block GRE (IP
protocol 47). Note it is a protocol, not a port!

Al Stephenson wrote:
> Hi All!
>
> I have a Windows 2003 server 1 NIC that I cannot connect any clients
> too. I have checked and rechecked the firewall and it is routing the
> vpn client traffic properly to the server running RAS. I believe the
> problem is a routing problem on the server.
>
> In the IPRouterManager file I have an error message that says
> ProcessDefaultRouteChanges: Not default route <ip address of VPN
> client>
>
> Has anyone ran into this before...I have disabled and reconfigured
> the RAS service more times than I would want to admit to....
>
> Thanks in advance for your help...



 
Reply With Quote
 
 
 
 
=?Utf-8?B?QWwgU3RlcGhlbnNvbg==?=
Guest
Posts: n/a
 
      8th Nov 2005
Thanks for your response...I rechecked and I am allowing tcp port 1723 and IP
protocol 47 through the firewall.. I can connect successfully internally to
the VPN...

At one point I even opened up all tcp, udp and IP protocols (only for a few
minutes mind you) and still could not connect from outside..Any further help
would be appreciated..

Thanks

"Bill Grant" wrote:

> Can you connect from a client machine on the LAN? If you can, the
> problem is probably not on the server.
>
> As well as forwarding tcp port 1723, the firewall must not block GRE (IP
> protocol 47). Note it is a protocol, not a port!
>
> Al Stephenson wrote:
> > Hi All!
> >
> > I have a Windows 2003 server 1 NIC that I cannot connect any clients
> > too. I have checked and rechecked the firewall and it is routing the
> > vpn client traffic properly to the server running RAS. I believe the
> > problem is a routing problem on the server.
> >
> > In the IPRouterManager file I have an error message that says
> > ProcessDefaultRouteChanges: Not default route <ip address of VPN
> > client>
> >
> > Has anyone ran into this before...I have disabled and reconfigured
> > the RAS service more times than I would want to admit to....
> >
> > Thanks in advance for your help...

>
>
>

 
Reply With Quote
 
=?Utf-8?B?QWwgU3RlcGhlbnNvbg==?=
Guest
Posts: n/a
 
      8th Nov 2005
Ok...I did more checking and noticed that I wasn't allowing GRE out from the
inside...I turned that on and have been able to successfully connect but only
if I allow all TCP traffic through... Is there another tcp port other than
1723 that is needed to establish the connection?

"Al Stephenson" wrote:

> Thanks for your response...I rechecked and I am allowing tcp port 1723 and IP
> protocol 47 through the firewall.. I can connect successfully internally to
> the VPN...
>
> At one point I even opened up all tcp, udp and IP protocols (only for a few
> minutes mind you) and still could not connect from outside..Any further help
> would be appreciated..
>
> Thanks
>
> "Bill Grant" wrote:
>
> > Can you connect from a client machine on the LAN? If you can, the
> > problem is probably not on the server.
> >
> > As well as forwarding tcp port 1723, the firewall must not block GRE (IP
> > protocol 47). Note it is a protocol, not a port!
> >
> > Al Stephenson wrote:
> > > Hi All!
> > >
> > > I have a Windows 2003 server 1 NIC that I cannot connect any clients
> > > too. I have checked and rechecked the firewall and it is routing the
> > > vpn client traffic properly to the server running RAS. I believe the
> > > problem is a routing problem on the server.
> > >
> > > In the IPRouterManager file I have an error message that says
> > > ProcessDefaultRouteChanges: Not default route <ip address of VPN
> > > client>
> > >
> > > Has anyone ran into this before...I have disabled and reconfigured
> > > the RAS service more times than I would want to admit to....
> > >
> > > Thanks in advance for your help...

> >
> >
> >

 
Reply With Quote
 
Bill Grant
Guest
Posts: n/a
 
      9th Nov 2005
The GRE setting makes sense. The traffic in both directions is encrytped
and encapsulated, so blocking GRE in either direction will cause the
connection to drop. Can't think of any reason for TCP filters to cause
problems. All the TCP traffic between client and server (apart from 1723)
should be "inside" the encypted and encapsulated packet.

Al Stephenson wrote:
> Ok...I did more checking and noticed that I wasn't allowing GRE out
> from the inside...I turned that on and have been able to successfully
> connect but only if I allow all TCP traffic through... Is there
> another tcp port other than 1723 that is needed to establish the
> connection?
>
> "Al Stephenson" wrote:
>
>> Thanks for your response...I rechecked and I am allowing tcp port
>> 1723 and IP protocol 47 through the firewall.. I can connect
>> successfully internally to the VPN...
>>
>> At one point I even opened up all tcp, udp and IP protocols (only
>> for a few minutes mind you) and still could not connect from
>> outside..Any further help would be appreciated..
>>
>> Thanks
>>
>> "Bill Grant" wrote:
>>
>>> Can you connect from a client machine on the LAN? If you can,
>>> the problem is probably not on the server.
>>>
>>> As well as forwarding tcp port 1723, the firewall must not
>>> block GRE (IP protocol 47). Note it is a protocol, not a port!
>>>
>>> Al Stephenson wrote:
>>>> Hi All!
>>>>
>>>> I have a Windows 2003 server 1 NIC that I cannot connect any
>>>> clients too. I have checked and rechecked the firewall and it is
>>>> routing the vpn client traffic properly to the server running RAS.
>>>> I believe the problem is a routing problem on the server.
>>>>
>>>> In the IPRouterManager file I have an error message that says
>>>> ProcessDefaultRouteChanges: Not default route <ip address of VPN
>>>> client>
>>>>
>>>> Has anyone ran into this before...I have disabled and reconfigured
>>>> the RAS service more times than I would want to admit to....
>>>>
>>>> Thanks in advance for your help...



 
Reply With Quote
 
=?Utf-8?B?QWwgU3RlcGhlbnNvbg==?=
Guest
Posts: n/a
 
      10th Nov 2005
Thanks for all your help Bill. I discovered a problem in the firewall that
was blocking inbound traffic destined for port 1723...I had mistakenly put a
filter to only allow port 1723 in on the source side however the external
client could use a different port than 1723 to come in with...All is well and
the VPN is working great!


"Bill Grant" wrote:

> The GRE setting makes sense. The traffic in both directions is encrytped
> and encapsulated, so blocking GRE in either direction will cause the
> connection to drop. Can't think of any reason for TCP filters to cause
> problems. All the TCP traffic between client and server (apart from 1723)
> should be "inside" the encypted and encapsulated packet.
>
> Al Stephenson wrote:
> > Ok...I did more checking and noticed that I wasn't allowing GRE out
> > from the inside...I turned that on and have been able to successfully
> > connect but only if I allow all TCP traffic through... Is there
> > another tcp port other than 1723 that is needed to establish the
> > connection?
> >
> > "Al Stephenson" wrote:
> >
> >> Thanks for your response...I rechecked and I am allowing tcp port
> >> 1723 and IP protocol 47 through the firewall.. I can connect
> >> successfully internally to the VPN...
> >>
> >> At one point I even opened up all tcp, udp and IP protocols (only
> >> for a few minutes mind you) and still could not connect from
> >> outside..Any further help would be appreciated..
> >>
> >> Thanks
> >>
> >> "Bill Grant" wrote:
> >>
> >>> Can you connect from a client machine on the LAN? If you can,
> >>> the problem is probably not on the server.
> >>>
> >>> As well as forwarding tcp port 1723, the firewall must not
> >>> block GRE (IP protocol 47). Note it is a protocol, not a port!
> >>>
> >>> Al Stephenson wrote:
> >>>> Hi All!
> >>>>
> >>>> I have a Windows 2003 server 1 NIC that I cannot connect any
> >>>> clients too. I have checked and rechecked the firewall and it is
> >>>> routing the vpn client traffic properly to the server running RAS.
> >>>> I believe the problem is a routing problem on the server.
> >>>>
> >>>> In the IPRouterManager file I have an error message that says
> >>>> ProcessDefaultRouteChanges: Not default route <ip address of VPN
> >>>> client>
> >>>>
> >>>> Has anyone ran into this before...I have disabled and reconfigured
> >>>> the RAS service more times than I would want to admit to....
> >>>>
> >>>> Thanks in advance for your help...

>
>
>

 
Reply With Quote
 
 
 
Reply

Thread Tools
Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
NIC Bonding (NIC-B) vs NIC Teaming (NIC-T) Charles L. Phillips Windows XP Basics 0 7th Jan 2008 09:45 PM
1 NIC Windows 2003 Domain; 1 Wireless NIC to Internet - Can't get both working Jay Moritz Windows XP Networking 2 7th Nov 2004 06:41 AM
1 NIC Windows 2003 Domain; 1 Wireless NIC to Internet - Can't get both working Jay Moritz Windows XP Networking 0 6th Nov 2004 09:22 AM
Resitrcting File and Printer Sharing to one NIC on a multi-NIC machine Steve Windows XP Help 2 4th Oct 2004 02:53 PM
problem setting up nic-nic network Steve Windows XP Networking 2 29th May 2004 04:24 PM


Features
 

Advertising
 

Newsgroups
 


All times are GMT +1. The time now is 06:11 AM.