-
April 7th, 2006, 01:30 AM
#1
VPN connection issues
I recently made a post about trying to configure our firewall to allow two companies to access a program on out network. From the help I recieved I was able to get everything working just fine, but now one of the companies has emailed me saying they have the following problem when trying to connect to our VPN...
error message: Error 721, the remote computer did not respond.
However when I test it with a laptop hooked up to a outside network it seems to connect just fine and I do not recieve this error. What could be causing this? Is it a problem on the companies end or am I missing something? I was also asked by the other company is the connection traverses their NAT, but I am unsure. The second company connects just fine and I haven't heard any problems with them.
It's not a war on drugs it's a war against personal freedoms!
-
April 7th, 2006, 03:10 AM
#2
That sounds like a pptp vpn... right?
They're likely behind a firewall that does not do pptp-passthrough.
Ammo
Credit travels up, blame travels down -- The Boss
-
April 7th, 2006, 04:31 AM
#3
Well my thoughts are always....
If I can confirm connections from at least 2 other locations....from various ISPs and configurations..such as you have done already......you have it working..they dont
its on their end....
Its the router or the ISP...or just a misconfiguration.....I have heard some isps may limit certain traffic smtp,vpns...cause they want you to use their services......Maybe something you want to look at...
Ensure they have they proper remote access and vpn permissions on your end
MHO as always
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer
-
April 7th, 2006, 06:09 PM
#4
I was informed by the It guy at the company I am working with that he cannot connect from home either. Which is probably just some random ISP like comcast. I still cannot reproduce the problem and was wondering how I should proceed so as to help these people out in making the connection. Do I need to add any rules to our firewall to help the connection get made. Or do they need to set something up on their end so they can get through both their firewall and ours?
Thanks for the help so far it helps shed some light on this mystery.
It's not a war on drugs it's a war against personal freedoms!
-
April 7th, 2006, 06:20 PM
#5
While running some tests I got an email from the IT guy at the other company and he had this to say about not getting through and what may be causing this issue.
"We do not block any outbound connections. We do NAT, and I cannot change that for this location...curious if that's causing the problems."
Could this be the issue? Or should I have him look at something else that may be causing this connection rejection.
It's not a war on drugs it's a war against personal freedoms!
-
April 7th, 2006, 06:22 PM
#6
Hey Blunt, me again
Has this company been able to successfully connect to your firewall via the PPTP VPN recently? I know you just got all of this set up, but have they made any successful attempts yet?
Are your other partner companies that are using the connection able to connect without any issues?
-
April 7th, 2006, 06:31 PM
#7
With out specifics....cant help much
What routers..are you, and the other companies using....firewalls...OSes
Could be a limitation of the router and the amount of simultaneous VPN connections it allows??
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer
-
April 7th, 2006, 06:53 PM
#8
Company A and company B are getting different results. One can connect just fine and their only complaint is that its not very fast, which I expected. The other company cannot get through and always gets an error that the remote computer is not responding and error code 721. Not sure why one works and the other doesn't, but the company that doesn't is a much bigger and therefore many more security rules and policies.
We have an old watchguard firewall III and are using cisco routers. The other company is a sonicwall firewall and it allows then to connect just fine. The bigger company has a number of offices and a number of firewalls and routers. I do not know all the specifics, but to me it seems that somewhere in their secuirty policy is a rule that denies clients in the network to create a VPN to anyone else. Other than that I thought our firewall might not be able to accept connections, but I continue to connect from random wireless networks around the neighborhood just fine with no problems and its fairly quick when connecting. I am pretty clueless as to what the issue is and continue to want to point my finger at the big company for having too tight of a policy when it comes to making outside connections.
The users allowed to connect to our network at PPTP users and I never can reproduce the problem they experiance.
It's not a war on drugs it's a war against personal freedoms!
-
April 7th, 2006, 07:04 PM
#9
Not knowing the specifics of the 'other' companys' networks, from what you say, it sounds as if the problem will be on their end. Several other companies are connecting through the PPTP VPN you have setup just fine, plus you are connecting just fine during your testing. For the company who is having issues, it's not that their policies are too tight; it appeas that they just need to allow outbound PPTP access for specific employees who have that need to connect back to your network.
One can connect just fine and their only complaint is that its not very fast, which I expected.
This is expected, especially on that older Firebox III - the VPN throughput on those older WatchGuards isn't that great, resulting in a slow VPN connection. I've seen that many times...
-
April 7th, 2006, 07:31 PM
#10
Cisco VPN Client Error/Reason Messages:
Error 721: Remote PPP peer or computer is not responding. If you have tried many thing other people suggest like rebooting, reloading hardware and re-installing the VPN or dial in connection, you still get the same problem. I will suggest to check the router settings and make sure TCP Port 1723, IP Protocol 47 (GRE) are opened. Also make sure that the router has the PPTP enabled and not firewall block the traffic. On the RAS server, check the DHCP settings
Do you have enough IP's available/spare?
A guy in this thread was having a similar problem:
http://www.tek-tips.com/viewthread.c...1194013&page=1
He sorted it by upgrading his firmware.
GL
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|