Error 721 - 1 NIC Configuration

Discussion in 'Microsoft Windows 2000 RAS Routing' started by Guest, Nov 3, 2005.

  1. Guest

    Guest Guest

    Hi All!

    I have a Windows 2003 server 1 NIC that I cannot connect any clients to. I
    have checked and rechecked the firewall and it is routing the vpn client
    traffic properly to the server running RAS. I believe the problem is a
    routing problem on the server.

    In the IPRouterManager file I have an error message that says
    ProcessDefaultRouteChanges: Not default route <ip address of VPN client>

    Has anyone run into this before...I have disabled and reconfigured the RAS
    service more times than I would want to admit to....

    Thanks in advance for your help...
     
    Guest, Nov 3, 2005
    #1

  2. Guest

    Bill Grant Guest

    Can you connect from a client machine on the LAN? If you can, the
    problem is probably not on the server.

    As well as forwarding tcp port 1723, the firewall must not block GRE (IP
    protocol 47). Note it is a protocol, not a port!

    Al Stephenson wrote:
    > Hi All!
    >
    > I have a Windows 2003 server 1 NIC that I cannot connect any clients
    > to. I have checked and rechecked the firewall and it is routing the
    > vpn client traffic properly to the server running RAS. I believe the
    > problem is a routing problem on the server.
    >
    > In the IPRouterManager file I have an error message that says
    > ProcessDefaultRouteChanges: Not default route <ip address of VPN
    > client>
    >
    > Has anyone run into this before...I have disabled and reconfigured
    > the RAS service more times than I would want to admit to....
    >
    > Thanks in advance for your help...
     
    Bill Grant, Nov 3, 2005
    #2

  3. Guest

    Guest Guest

    Thanks for your response...I rechecked and I am allowing tcp port 1723 and IP
    protocol 47 through the firewall.. I can connect successfully internally to
    the VPN...

    At one point I even opened up all tcp, udp and IP protocols (only for a few
    minutes mind you) and still could not connect from outside..Any further help
    would be appreciated..

    Thanks

    "Bill Grant" wrote:

    > Can you connect from a client machine on the LAN? If you can, the
    > problem is probably not on the server.
    >
    > As well as forwarding tcp port 1723, the firewall must not block GRE (IP
    > protocol 47). Note it is a protocol, not a port!
    >
    > Al Stephenson wrote:
    > > Hi All!
    > >
    > > I have a Windows 2003 server 1 NIC that I cannot connect any clients
    > > to. I have checked and rechecked the firewall and it is routing the
    > > vpn client traffic properly to the server running RAS. I believe the
    > > problem is a routing problem on the server.
    > >
    > > In the IPRouterManager file I have an error message that says
    > > ProcessDefaultRouteChanges: Not default route <ip address of VPN
    > > client>
    > >
    > > Has anyone run into this before...I have disabled and reconfigured
    > > the RAS service more times than I would want to admit to....
    > >
    > > Thanks in advance for your help...

     
    Guest, Nov 8, 2005
    #3
  4. Guest

    Guest Guest

    Ok...I did more checking and noticed that I wasn't allowing GRE out from the
    inside...I turned that on and have been able to successfully connect but only
    if I allow all TCP traffic through... Is there another tcp port other than
    1723 that is needed to establish the connection?

    "Al Stephenson" wrote:

    > Thanks for your response...I rechecked and I am allowing tcp port 1723 and IP
    > protocol 47 through the firewall.. I can connect successfully internally to
    > the VPN...
    >
    > At one point I even opened up all tcp, udp and IP protocols (only for a few
    > minutes mind you) and still could not connect from outside..Any further help
    > would be appreciated..
    >
    > Thanks
    >
    > "Bill Grant" wrote:
    >
    > > Can you connect from a client machine on the LAN? If you can, the
    > > problem is probably not on the server.
    > >
    > > As well as forwarding tcp port 1723, the firewall must not block GRE (IP
    > > protocol 47). Note it is a protocol, not a port!
    > >
    > > Al Stephenson wrote:
    > > > Hi All!
    > > >
    > > > I have a Windows 2003 server 1 NIC that I cannot connect any clients
    > > > to. I have checked and rechecked the firewall and it is routing the
    > > > vpn client traffic properly to the server running RAS. I believe the
    > > > problem is a routing problem on the server.
    > > >
    > > > In the IPRouterManager file I have an error message that says
    > > > ProcessDefaultRouteChanges: Not default route <ip address of VPN
    > > > client>
    > > >
    > > > Has anyone run into this before...I have disabled and reconfigured
    > > > the RAS service more times than I would want to admit to....
    > > >
    > > > Thanks in advance for your help...

     
    Guest, Nov 8, 2005
    #4
  5. Guest

    Bill Grant Guest

    The GRE setting makes sense. The traffic in both directions is encrypted
    and encapsulated, so blocking GRE in either direction will cause the
    connection to drop. Can't think of any reason for TCP filters to cause
    problems. All the TCP traffic between client and server (apart from 1723)
    should be "inside" the encrypted and encapsulated packet.

    Al Stephenson wrote:
    > Ok...I did more checking and noticed that I wasn't allowing GRE out
    > from the inside...I turned that on and have been able to successfully
    > connect but only if I allow all TCP traffic through... Is there
    > another tcp port other than 1723 that is needed to establish the
    > connection?
    >
    > "Al Stephenson" wrote:
    >
    >> Thanks for your response...I rechecked and I am allowing tcp port
    >> 1723 and IP protocol 47 through the firewall.. I can connect
    >> successfully internally to the VPN...
    >>
    >> At one point I even opened up all tcp, udp and IP protocols (only
    >> for a few minutes mind you) and still could not connect from
    >> outside..Any further help would be appreciated..
    >>
    >> Thanks
    >>
    >> "Bill Grant" wrote:
    >>
    >>> Can you connect from a client machine on the LAN? If you can,
    >>> the problem is probably not on the server.
    >>>
    >>> As well as forwarding tcp port 1723, the firewall must not
    >>> block GRE (IP protocol 47). Note it is a protocol, not a port!
    >>>
    >>> Al Stephenson wrote:
    >>>> Hi All!
    >>>>
    >>>> I have a Windows 2003 server 1 NIC that I cannot connect any
    >>>> clients to. I have checked and rechecked the firewall and it is
    >>>> routing the vpn client traffic properly to the server running RAS.
    >>>> I believe the problem is a routing problem on the server.
    >>>>
    >>>> In the IPRouterManager file I have an error message that says
    >>>> ProcessDefaultRouteChanges: Not default route <ip address of VPN
    >>>> client>
    >>>>
    >>>> Has anyone run into this before...I have disabled and reconfigured
    >>>> the RAS service more times than I would want to admit to....
    >>>>
    >>>> Thanks in advance for your help...
     
    Bill Grant, Nov 9, 2005
    #5
  6. Guest

    Guest Guest

    Thanks for all your help Bill. I discovered a problem in the firewall that
    was blocking inbound traffic destined for port 1723...I had mistakenly put a
    filter to only allow port 1723 in on the source side however the external
    client could use a different port than 1723 to come in with...All is well and
    the VPN is working great!


    "Bill Grant" wrote:

    > The GRE setting makes sense. The traffic in both directions is encrypted
    > and encapsulated, so blocking GRE in either direction will cause the
    > connection to drop. Can't think of any reason for TCP filters to cause
    > problems. All the TCP traffic between client and server (apart from 1723)
    > should be "inside" the encrypted and encapsulated packet.
    >
    > Al Stephenson wrote:
    > > Ok...I did more checking and noticed that I wasn't allowing GRE out
    > > from the inside...I turned that on and have been able to successfully
    > > connect but only if I allow all TCP traffic through... Is there
    > > another tcp port other than 1723 that is needed to establish the
    > > connection?
    > >
    > > "Al Stephenson" wrote:
    > >
    > >> Thanks for your response...I rechecked and I am allowing tcp port
    > >> 1723 and IP protocol 47 through the firewall.. I can connect
    > >> successfully internally to the VPN...
    > >>
    > >> At one point I even opened up all tcp, udp and IP protocols (only
    > >> for a few minutes mind you) and still could not connect from
    > >> outside..Any further help would be appreciated..
    > >>
    > >> Thanks
    > >>
    > >> "Bill Grant" wrote:
    > >>
    > >>> Can you connect from a client machine on the LAN? If you can,
    > >>> the problem is probably not on the server.
    > >>>
    > >>> As well as forwarding tcp port 1723, the firewall must not
    > >>> block GRE (IP protocol 47). Note it is a protocol, not a port!
    > >>>
    > >>> Al Stephenson wrote:
    > >>>> Hi All!
    > >>>>
    > >>>> I have a Windows 2003 server 1 NIC that I cannot connect any
    > >>>> clients to. I have checked and rechecked the firewall and it is
    > >>>> routing the vpn client traffic properly to the server running RAS.
    > >>>> I believe the problem is a routing problem on the server.
    > >>>>
    > >>>> In the IPRouterManager file I have an error message that says
    > >>>> ProcessDefaultRouteChanges: Not default route <ip address of VPN
    > >>>> client>
    > >>>>
    > >>>> Has anyone run into this before...I have disabled and reconfigured
    > >>>> the RAS service more times than I would want to admit to....
    > >>>>
    > >>>> Thanks in advance for your help...

     
    Guest, Nov 10, 2005
    #6
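
Added example, not part of the original thread: a small default-deny filter model in Python showing why the rule described in the last post (matching 1723 as the source port) drops an external client's PPTP control connection, and why GRE has to pass in both directions. The rule model, the client port 50321 and the blanket outbound-TCP rule are assumptions made for illustration; this is not any real firewall's syntax.

```python
from dataclasses import dataclass
from typing import Optional

TCP, GRE = 6, 47   # IP protocol numbers; GRE is a protocol and has no ports

@dataclass(frozen=True)
class Packet:
    direction: str               # "in" = Internet -> RAS server, "out" = reverse
    proto: int
    sport: Optional[int] = None
    dport: Optional[int] = None

@dataclass(frozen=True)
class Rule:                      # allow rule; None means "any port"
    direction: str
    proto: int
    sport: Optional[int] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (self.direction == p.direction and self.proto == p.proto
                and self.sport in (None, p.sport)
                and self.dport in (None, p.dport))

def blocked(rules, packets):
    """Default deny: return names of packets that no allow rule matches."""
    return [n for n, p in packets.items() if not any(r.matches(p) for r in rules)]

# Constructed sample traffic for one external PPTP client (ephemeral port 50321).
PPTP_FLOW = {
    "control-in":  Packet("in",  TCP, sport=50321, dport=1723),
    "control-out": Packet("out", TCP, sport=1723,  dport=50321),
    "gre-in":      Packet("in",  GRE),
    "gre-out":     Packet("out", GRE),
}

# Assumption: outbound TCP is allowed wholesale; the thread does not say.
MISCONFIGURED = [Rule("in", TCP, sport=1723), Rule("out", TCP), Rule("in", GRE)]
GRE_OUT_ADDED = MISCONFIGURED + [Rule("out", GRE)]
CORRECTED = [Rule("in", TCP, dport=1723), Rule("out", TCP),
             Rule("in", GRE), Rule("out", GRE)]

if __name__ == "__main__":
    for name, rules in [("misconfigured", MISCONFIGURED),
                        ("gre-out added", GRE_OUT_ADDED), ("corrected", CORRECTED)]:
        print(f"{name:14} blocked: {blocked(rules, PPTP_FLOW) or 'nothing'}")
```

With only the GRE-out rule added, the inbound control connection is still dropped, which matches the stage in the thread where the VPN worked only with all TCP allowed.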
