cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1636
Views
0
Helpful
2
Replies

Windows RRAS GRE error

olhcc
Level 1
Level 1

I have a Win2K3 RRAS server behind a 2801 router. The server is statically NATted and GRE and port 1723 are allowed via the external ACL.

I thought this was just a Windows error, but the error I get when clients try to connect led me to post this here.

The connection begins, then times out with the following error:

Event Type: Warning

Event Source: Rasman

Event Category: None

Event ID: 20209

Date: 6/6/2008

Time: 1:33:36 PM

User: N/A

Computer: SERVER

Description:

A connection between the VPN server and the VPN client 66.210.xxx.xxx has been established, but the VPN connection cannot be completed. The most common cause for this is that a firewall or router between the VPN server and the VPN client is not configured to allow Generic Routing Encapsulation (GRE) packets (protocol 47). Verify that the firewalls and routers between your VPN server and the Internet allow GRE packets. Make sure the firewalls and routers on the user's network are also configured to allow GRE packets.

This implies that the problem is with GRE. However, GRE is permitted any any. What gives?

2 Replies 2

michael.leblanc
Level 4
Level 4

Have you provisioned the return path (inspection on the 2801's external interface, or ACL on the 2801's internal interface) to permit GRE between the two endpoints?

No ACL is applied going in or out the inside interface (Fast 0/1.)

On the outside interface, the ACL is:

ip nat inside source static

access-list 160 permit icmp any any

access-list 160 permit gre any any

access-list 160 permit tcp any host eq 1723

int Fast0/0

ip access-group 160 in

exit

That should be enough to get PPTP going from the router's standpoint.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: