pptp connects first time only - error after disconnect try again

S

scott

Hi,

I can establish a PPTP connection from a win2ksp3 clinet to win2ksp3
advanced server first time. Upon disconnecting and attempting a connection
again i get error 721.

(NOTE: both were on SP4 before I rolled them back to SP3 following this
problem).

I applied the registy fix metioned in knowledgebase articles:

271731 PPTP clients cannot connect to a PPTP server that has multiple IP
http://support.microsoft.com/?id=271731

810839 VPN Client Cannot Establish a Connection After You Install a Service
Pack
http://support.microsoft.com/?id=810839

(NOTE: this fix suggested adding the ValidateAddress DWORD value and setting
to "0" which is off)

If I leave the machines for a few days and attempt the connection again its
ok. As suggested above, after disconnecting again and attempting to connect
again i get error 721 (or error 650 on win98se).

I attempted to restart all machine involved but this does not help.

There is a firewall between the clinet and server. When attemping a
connection within the firewall its always ok (from XPsp1)

Can someone please help ? Is this some sort of routing problem with the
firewall ?

PPTP 1723 and GRE protocol 47 (NOT PORT 47) are allowed to pass via the
firewall.

Thanks for any help.
Scott.
 
S

scott

Firewall reports the following.

02/09/2004 17:24:01 Firewall rule match: TCP (Wan to Lan, rule:2)
99.99.99.99:23107 192.168.1.199:1723 ACCESS FORWARD

02/09/2004 17:24:01 Firewall rule NOT match: TCP (Wan to Lan, rule:1)
99.99.99.99:23107 192.168.1.199:1723 CHECK NEXT RULE

It seems that 1723 is being forwarded and blocked. I would assume from the
error 721 that GRE is the problem. Dont undertand why this would work 1 out
of 100 times i try and connect.

Thanks
Scott.
 
S

scott

Got a better test:

NET
v
ROUTER
v
ROUTER > win2k clinet (WS012)
v
FIREWALL
v
RAS SERVER

- The win2k clinet (WS012) on the middle router (DMZ) can ALWAYS establish a
PPTP connection to RAS SERVER.
- This connection passes through the FIREWALL.
- Once this connection has been made all other external PPTP WIN2k clients
can connect.
- After WS012 disconnects and after several mins all external WIN2k that
attempt connection get error 721.

What the heck is going on ?

Thanks for any information at all.
Scott.
 
S

scott

futher testing showed:

win98 on external ip connect ok (firewall report PPTP 1723 + GRE)

win 98 manually disconet, reconnect (frewall report PPTP 1723 only)

Its like GRE was lost during the second connection. IE second time GRE did
not make it as far as the FIREWALL.

Im checking middle ROUTER.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

pptp connects 1st time only, error 2nd time 9
interminant vpn pptp failure as no GRE packets 1
pptp error 721 (kb not helped) 10
pptp error 800 and then 721 and then connection 1
vpn routing problem 1
Windows 2000 Pro VPN Host behind Router 5
network only allows 1 outgoing pptp connection at a time ? 2
win2k vpn (pptp) error 721 (sp4 problem) ? 1

Top