RRAS + NAT + VPN == 721 error...Yikes!

D

Dave Roth

The configuration:
I have a win2k server configured with RRAS to use its
routing, NAT and VPN capabilities. Routing works great
between 3 interfaces (one private wired [192.168.1.x],
one private 802.11b wireless [192.168.2.x] and one public
[bound to 5 Internet IP addresses]). VPN is configured to
use remote IAS to my Win2k3 Server AD machine.

The problem:
If one of my machines on the private wired net makes a
VPN connection to the VPN server via IP 192.168.1.1 I
successfully obtain a VPN connection and all is groovy.
If, however, the same machine tries a VPN connection to
one of the public IP addresses (the request would have to
be routed via the Win2k server to its public interface
since it is also acting as a router) then the connection
fails with a 721 error (it never gets passed "verifying
username and password").
The same error occurs if I have a machine on the Internet
tries a VPN connection to the public interface (in this
case the call is not traversing the win2k box as a
router).

Can someone shed some light on this?? Thanks!

dave roth
 
B

Bill Grant

Error 721 usually indicates that GRE is being blocked. Is your RRAS
server directly connected to the Internet or does it go via a
firewll/router?

A PPTP VPN connection uses packets with GRE headers for its data. If
anything in the path blocks GRE (Generic Routing Encapsulation, IP protocol
47) the connection will fail.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Routing over VPN and LAN 0
VPN NAT Transparency 2
Keep getting error 721 4
failed to modify routing table after VPN connection is establishedthru Routing and RAS 0
VPN and NAT routing packets through public adapter 3
RRAS, NAT & External VPN Problem 3
RRAS, VPN and NAT 2
VPN Error 721 4

Top