Hi,

I've noticed a few posts regarding VPN issues with the broadband routers,
and wonder if I'm suffering from a known issue. The behaviour is as follows:

Try to create a VPN connection from behind the MN-500, to a destination on
the internet. The connection takes a long time to process, at every step,
and eventually fails with error 721: no response from remote (the VPN server)
after trying to authenticate.

This appears to be a classic GRE (47) issue, but it has a twist. After the
connection fails, the router will not function - internet access is not
possible, and the router LAN interface doesn't respond to pings or HTTP. A
cold boot is required to regain functionality.

The issue seems to be at the connecting end, as it's possible to
successfully VPN to the same server from other locations.

The network topology is as follows.

Workstation:
  IP: 192.168.15.x
  SN: 255.255.255.0
  Provided by W2k3 DHCP server via MN-700 (wireless connection) as A/P, with
  WPA-PSK and TKIP.

DHCP Server:
  Internal NIC:
    IP: 192.168.15.2
  External NIC:
    IP: 192.168.2.2
    DG: 192.168.2.1

MN-500:
  LAN IP: 192.168.2.1
  WAN IP: static public IP - PPPoE

Remote VPN server

Router:
  WAN IP: static public IP - PPPoE
  LAN IP: 192.168.0.1

VPN Server:
  WAN IP: 192.168.0.4
  LAN IP: 192.168.16.2

The VPN Server provides IPs from its default DHCP scope: 192.168.16.x

The VPN server logs the following event error, which appears to support the
failure to pass GRE (47).

Event Type: Warning
Event Source: Rasman
Event Category: None
Event ID: 20209
Date: 3/19/2005
Time: 5:24:21 PM
User: N/A
Computer: C5SBS
Description:
A connection between the VPN server and the VPN client <public IP> has been
established, but the VPN connection cannot be completed. The most common
cause for this is that a firewall or router between the VPN server and the
VPN client is not configured to allow Generic Routing Encapsulation (GRE)
packets (protocol 47). Verify that the firewalls and routers between your
VPN server and the Internet allow GRE packets. Make sure the firewalls and
routers on the user's network are also configured to allow GRE packets. If
the problem persists, have the user contact the Internet service provider
(ISP) to determine whether the ISP might be blocking GRE packets.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Is it a known issue for the MN-500 to not pass GRE (47) for outbound VPN
connections? Or, could this be related to the VPN client connection
(wireless, secure) and/or the fact that there's a MN-700 also in the mix?
--
Les Connor [SBS Community Member - SBS MVP]
-----------------------------------------------------------
SBS Rocks !
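
As an added example that is not part of the original post: one way to confirm the symptom the Rasman event describes is to capture traffic on each side of the router and check whether GRE (protocol 47) is seen in both directions alongside the control connection. The sketch assumes the VPN is PPTP (control channel on TCP 1723, which the post does not state); the function names, addresses and sample packets are constructed for illustration.

```python
import socket
import struct

PPTP_PORT, TCP, GRE = 1723, 6, 47  # assumes PPTP; the post itself names only GRE (47)

def parse_ipv4(pkt):
    """Return (proto, src, dst, sport, dport) for a raw IPv4 packet, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        return None
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    sport = dport = None
    if pkt[9] == TCP and len(pkt) >= ihl + 4:
        sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return pkt[9], src, dst, sport, dport

def diagnose(packets, client, server):
    """Summarise which PPTP flows between client and server appear in a capture."""
    control = gre_out = gre_in = False
    for parsed in map(parse_ipv4, packets):
        if parsed is None or {parsed[1], parsed[2]} != {client, server}:
            continue
        proto, src, _, sport, dport = parsed
        if proto == TCP and PPTP_PORT in (sport, dport):
            control = True
        elif proto == GRE:
            gre_out, gre_in = gre_out or src == client, gre_in or src == server
    if not control:
        return "no PPTP control connection seen"
    if gre_out and gre_in:
        return "GRE seen in both directions"
    if gre_out or gre_in:
        return "GRE seen only from " + ("client" if gre_out else "server")
    return "control connection only, no GRE"

def build(proto, src, dst, payload=b""):
    """Build a minimal IPv4 packet (checksum left at zero) for the sample below."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + payload

# Constructed sample using documentation addresses, not data from the post.
CLIENT, SERVER = "192.0.2.10", "198.51.100.4"
SAMPLE = [
    build(TCP, CLIENT, SERVER, struct.pack("!HH", 49152, PPTP_PORT)),
    build(TCP, SERVER, CLIENT, struct.pack("!HH", PPTP_PORT, 49152)),
    build(GRE, CLIENT, SERVER, b"\x30\x81\x88\x0b"),
]

if __name__ == "__main__":
    print(diagnose(SAMPLE, CLIENT, SERVER))
```

Comparing the result for a capture on the LAN side of a router with one on its WAN side shows which device stops forwarding GRE.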