I have a Win2K3 RRAS server behind a 2801 router. The server is statically NATted and GRE and port 1723 are allowed via the external ACL.
I thought this was just a Windows error, but the error I get when clients try to connect led me to post this here.
The connection begins, then times out with the following error:
Event Type: Warning
Event Source: Rasman
Event Category: None
Event ID: 20209
Time: 1:33:36 PM
A connection between the VPN server and the VPN client 66.210.xxx.xxx has been established, but the VPN connection cannot be completed. The most common cause for this is that a firewall or router between the VPN server and the VPN client is not configured to allow Generic Routing Encapsulation (GRE) packets (protocol 47). Verify that the firewalls and routers between your VPN server and the Internet allow GRE packets. Make sure the firewalls and routers on the user's network are also configured to allow GRE packets.
This implies that the problem is with GRE. However, GRE is permitted any any. What gives?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...