VPN 721 error

[Guest]

Hello,

I was wondering how to fix the 721 error I get on a machine that uses a
linksys wireless router. If I reset the router it will connect fine. But if I
make changes and save the changes then the VPN will not connect. It just
sites there on verifieing username and password.

Thanks
Joe

 

[Bill Grant]

If you can connect without the router or with the router in DMZ mode, then
the 721 error is almost certainly caused by the router filters blocking GRE.

Check that you have the latest firmware upgrade, and check the router
for ways to allow GRE. It might be mentioned by name or by protocol number
(IP protocol 47) or it may be called VPN pass-through mode.

 

[Guest]

Thanks Bill I will give that a try.

I do not see IP protocol 47 but I do see VPN passthrough.

I am trying to connect to another server from behind the router not from the
server to the PC behind the router. I may have caused and error here in my
description of the problem.

I will check for firmware upgrades.

Joe

However the server is NOT behind a router and can be connected to at anytime
without the router "in front" of the connecting PC

 

[Bill Grant]

A router blocking GRE anywhere in the path will cause problems. The
encrypted data is inside a packet with a GRE header. So if anything blocks
GRE in either direction, no data is transferred and the connection fails.

NN/NP depends on the computer browser service and Netbios names. So to
use it from a remote client you need WINS and a domain structure.

The same subnet method is OK for remote access in most cases.
The RRAS server acts as a proxy for the remote client, relaying data to and
from the LAN clients. If you put the remotes in a different subnet, you have
to ensure that the RRAS server can route between the subnets.

 

[Guest]

Thanks Bill,

I tried the DMZ and kept that. It works fine now.
I can VPN in anytime now from this machine and get the files.
However there is a way not to have a domain structure and VPN in.
I am in a workgroup enviroment at this time. Kinda lengthy process but very
efficient. (in my case)

You can download a "dirty copy" of how until I finish the completed one at
http://www.animocracy.com/downloads.htm

thanks a ton Bill you helped me tremendously!
Joe

 

[Bill Grant]

You can't really get browsing to work without a domain. The reason is
that the client tries to find the master browser in WINS looking for a
domain master browser. If there isn't a domain, it just sits there until it
times out. There doesn't seem to be a way to make the client look for a
workgroup name.

 

[Guest]

Yes Bill you are correct but I have been able to find things quite well this
way.

I do agree your way is much better and IS the correct way. But I just
"centalized" everything for me.I will upgrade or promote my server to a DC a
little later to have a better experience : - )

A lot of great utilities here >>> Http://www.animocracy.com

Thank you
Joe

 

[Guest]

Bill, you are wrong about browsing. In a workgroup, the first PC that boots
up looks for a Master Browser, and if it can't find one it typically assumes
the role. If a Master Browser goes offline, an election is held by the
computers to determine who the new master browser will be. Servers usually
win out over workstations, if they are on the network. This is integral to
Microsoft NetBIOS networking. It has nothing to do with the network model
(domain vs. workgroup). Also, a client doesn't look to WINS unless it is
configured to do so, either statically or via DHCP scope parameters. WINS is
usually only necessary on larger networks because it reduces the need for
broadcasting in order to locate network resources.

Dave

 

[Bill Grant]

What you say is correct for a LAN, but that is no use to a remote client.
The master browser has built a browse list, but the remote client can't see
it.

A remote client cannot access a workgroup master browser on a LAN.
Broadcasts do not cross the WAN link, so it cannot find the master browser
by broadcast. Even if WINS is running on the LAN, the client cannot find the
master browser, because it does not know how to find it. If you capture the
traffic, you will see that it tries to resolve the Netbios name <name
1B> , which is a domain master browser. If you only have a workgroup, this
name does not exist.

If the LAN is running a domain, this name does exist and the remote
client can get a browse list after it resolves <domainname 1B> using WINS.
Of course the browse list does not include the remote client itself. It only
includes to machine on the LAN.