I am setting up a Windows 2003 PPTP/L2TP VPN server and after the configuration I started the testing phase. The first error I got was 721 on my Windows XP SP2 client. Windows XP is running as a VMware virtual guest and the host is sitting behind a Cisco PIX 501 firewall.

I then went back to the lab server and saw the error message below. I verified the NAT configuration and a static NAT rule was configured based on a private and public IP address translation. An ACL was there for ‘any’ TCP communication and I added a second ACL for IP protocol 47 (GRE).

Event Type:        Warning

Event Source:        Rasman

Event Category:        None

Event ID:        20209

Date:                1/18/2008

Time:                4:59:22 PM

User:                N/A

Computer:        VPN-01

Description:

A connection between the VPN server and the VPN client 0.0.0.0 has been established, but the VPN connection cannot be completed. The most common cause for this is that a firewall or router between the VPN server and the VPN client is not configured to allow Generic Routing Encapsulation (GRE) packets (protocol 47). Verify that the firewalls and routers between your VPN server and the Internet allow GRE packets. Make sure the firewalls and routers on the user’s network are also configured to allow GRE packets. If the problem persists, have the user contact the Internet service provider (ISP) to determine whether the ISP might be blocking GRE packets.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

I started to troubleshoot from my Windows Vista Enterprise client and recreated the VPN connection. I tried to connect and yes, I was prompted for my domain password. The Vista client was connected to my ADSL modem with an 11G connection. The host with Windows XP was sitting behind the Cisco PIX and the Vista client was directly connected to my ISP.

A search on Google directed me to this link, which fixed my problem.

pixfirewall# conf t

pixfirewall(config)#fixup protocol pptp 1723

pixfirewall(config)#

pixfirewall# wr mem

Adding “fixup protocol pptp 1723” to my configuration let the Cisco PIX firewall know how to successfully set up a PPTP connection.
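The symptom behind error 721 and Event ID 20209 can be confirmed from a packet capture taken on the VPN server: the TCP 1723 control channel is present, but no GRE (protocol 47) arrives from the client. The script below is an added example, not part of the original post; it assumes raw IPv4 packets as input, and the addresses and sample packets are constructed for illustration.

```python
import struct
from collections import defaultdict

PPTP_PORT, PROTO_TCP, PROTO_GRE = 1723, 6, 47
# Constructed documentation-range addresses, not values from the post.
SERVER, BLOCKED, WORKING = "192.0.2.10", "198.51.100.7", "203.0.113.5"

def ipv4(proto, src, dst, payload):
    """Build a minimal IPv4 packet for the sample data (checksum left at 0)."""
    pack_ip = lambda ip: bytes(int(octet) for octet in ip.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, pack_ip(src), pack_ip(dst)) + payload

def classify(packet):
    """Return (src, dst, kind); kind is 'control', 'gre' or None."""
    ihl = (packet[0] & 0x0F) * 4
    src = ".".join(map(str, packet[12:16]))
    dst = ".".join(map(str, packet[16:20]))
    body, kind = packet[ihl:], None
    if len(body) >= 4:
        first, second = struct.unpack("!HH", body[:4])
        if packet[9] == PROTO_TCP and PPTP_PORT in (first, second):
            kind = "control"      # TCP source or destination port 1723
        elif packet[9] == PROTO_GRE and (first & 0x7) == 1 and second == 0x880B:
            kind = "gre"          # enhanced GRE: version 1, protocol type 0x880B
    return src, dst, kind

def peers_missing_gre(packets, server):
    """Peers with a PPTP control channel to server but no inbound GRE from them."""
    seen = defaultdict(set)
    for packet in packets:
        src, dst, kind = classify(packet)
        if kind == "control" and server in (src, dst):
            seen[dst if src == server else src].add("control")
        elif kind == "gre" and dst == server:
            seen[src].add("gre-in")
    return sorted(p for p, kinds in seen.items()
                  if "control" in kinds and "gre-in" not in kinds)

TCP_TO_SERVER = struct.pack("!HH", 49152, PPTP_PORT) + bytes(16)
TCP_FROM_SERVER = struct.pack("!HH", PPTP_PORT, 49152) + bytes(16)
GRE_PPP = struct.pack("!HHHHI", 0x3001, 0x880B, 0, 1, 0)  # K and S bits, version 1

SAMPLE = [  # constructed capture as seen on the VPN server
    ipv4(PROTO_TCP, BLOCKED, SERVER, TCP_TO_SERVER),
    ipv4(PROTO_TCP, SERVER, BLOCKED, TCP_FROM_SERVER),
    ipv4(PROTO_GRE, SERVER, BLOCKED, GRE_PPP),   # server sends GRE, nothing returns
    ipv4(PROTO_TCP, WORKING, SERVER, TCP_TO_SERVER),
    ipv4(PROTO_GRE, WORKING, SERVER, GRE_PPP),
]

if __name__ == "__main__":
    print(peers_missing_gre(SAMPLE, SERVER))
```

A peer listed by peers_missing_gre has a firewall or router on its path that passes TCP 1723 but drops or fails to translate GRE.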
