XP to 2003 RRAS VPN Fails Curiously

I have a Win XP SP2 client that is external to our LAN. When I try to
connect via VPN to a member server joined to the AD domain running Win 2003
& RRAS, I get "verifying username and password" on the client machine, and
then finally it disconnects with error code "721 (Remote computer did not
respond)". If I try to connect again, it just sits at the "connecting to
<IP address>" screen and then fails. (I'm in the VPN_Users group as well as
am a domain admin.)

Looking in the Win2003 event logs, I see Event ID 20049: "The user connected
to port VPN4-127 has been disconnected because the authentication process
did not complete within the required amount of time."

I followed the MS tutorial on configuring the VPN Server. The Internal NIC
has Client for MS Networks, a static IP address of 10.0.0.103, no gateway,
and points to our DNS server at 10.0.0.102, points to our WINS server at
10.0.0.102 and has NetBIOS enabled. The External NIC *isn't* using Client
for MS Networks, has a static IP address of 24.123.130.x, a gateway of
24.123.130.y (as assigned by our ISP), points to the ISP provided external
DNS servers, and has NetBIOS disabled. I selected the External NIC as the
one which connects to the Internet on the Win2003 Server during the initial
configuration of RRAS.

I've authorized the Win2003 to be a valid RRAS server for the domain from
the DC. I have only 1 Remote Access Policy: to grant access if the NAS Port
Type = VPN and if the user is a member of the domain\VPN_Users group.

Any ideas???

Thanks,
Rob

 

it could be IP Protocol 47 (GRE) issue. quoted from
http://www.ChicagoTech.net

Error 721: Remote PPP peer or computer is not responding. If you have tried
many thing other people suggest like rebooting, reloading hardware and
re-installing the VPN or dial in connection, you still get the same problem.
I will suggest to check the router settings and make sure TCP Port 1723, IP
Protocol 47 (GRE) are opened. Also make sure that the router has the PPTP
enabled and not firewall block the traffic. On the RAS server, check the
DHCP settings.

--
For more and other information, go to http://www.ChicagoTech.net

Don't send e-mail or reply to me except you need consulting services.
Posting on MS newsgroup will benefit all readers and you may get more help.

Robert Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN, Anti-Virus, Tips & Troubleshooting on
http://www.ChicagoTech.net
This posting is provided "AS IS" with no warranties.

 

There is no router to block TCP port 1723 or IP Protocol 47. It's just my
Win2003 server with 2 NICs. Do I need to make any changes to it? I'm not
doing DHCP on the RAS, I'm trying to use the relay for another DHCP server
on my LAN.

Losing my mind,
Rob

 

Nevermind, I fixed it.

 

Dear Rob,

I'm facing the same exact ptoblem can you please tell me what you did to fix the problem?

Thanks

Kevin