1. Home
  2. Networking Firewalls
  3. VPN Server Behind Linksys Router BEFSX41 and Error 721

VPN Server Behind Linksys Router BEFSX41 and Error 721

I have been trying to setup a VPN but every time i try to connect from the client machine to the VPN server it tries to verify the username and password and them gives me the following error : Error 721 the remote computer did not respond. Here is how I have got my setup..........

  1. Router with a Static public IP Address 64.XX.XX.XX and a static internal IP Address of 192.168.1.1 subnet mask of 255.255.255.0.

  1. The internet connection comes directly to the router and I have a Lan connection going to my switch/hub, rest of my internal client machines including the server connect through the switch/hub.

  2. I have Windows 2003 running on the server which is used as a file sharing server, print server and VPN Server. It is also a domain for all the client machine with a Static IP address of 192.168.1.3

  1. All the client machines are using Windows XP Prof.

  2. The client machines connect to this domain and get a dynamic IP through the router which is set up as a DHCP.

  1. While setting up the VPN I have forwarded the port 1723 & 47 to the server IP address of 192.168.1.3. If I don't forward this port the client machine is unable to connect giving a error 800 : Unable to establish a VPN connect.

  2. On my VPN server I have enabled Remote Access permissions to all the user.

Presently I am trying to connect via VPN from my internal network but still i am getting the error 721, once I am successfully from the internal network I will try to connect from the remote machine.

Guys please help me out I am really stuck out here. There is one option which I have not tried is putting off the DHCP of the router and enabling it on the server, please let me know if this is going to help? or if there is something i am doing wrong. Thanks.

Reply to
Sandy
Loading thread data ...

[snip]

I've run into this many times since CISCO bought Linksys:

There is actually a tech article on the Linksys that describes how to fix it, but here's the short version:

721 indicates that GRE is not getting out of the router (or into it) and what you need to do it setup port-forwarding as follows:

TCP/UDP 1723 inbound to server IP TCP/UDP 43 inbound to server IP

Yea, I know that GRE is not port based, but that's the workaround from Linksys. You also need to have PPTP passthrough enabled on the router.

Reply to
Leythos

Oh, hey, I forgot to mention that the way I found this was by calling MS, using one of the included support incidents, and the tech walked me though sniffing the connections and spent about 2 hours online with me - they didn't even charge me for the support incident. The networking support people from MS Support are top-notch in my book.

Reply to
Leythos

I tried forwarding port 43 but it didn't help, but u know i tried connecting from my home office yesterday which is a remote location and I was able to connect (this is before i forwarded the port 43) but the problem i had was though I was logged on to the domain but still I could not see the network computers. If any of you have come across this problem please help and thanks Leythos for your suggestion. I am getting a new router today which is Linksys R042 lets see if this helps.

Reply to
Sandy

I'm taking pain medication, never used it before, if I said 43 it should have been 47 both tcp/udp.

One other thing - make sure that the company network and your home network are on different subnets.

Reply to
Leythos

Upgrade to the latest firmware on the Linksys router. This is a common problem with older firmware revisions.

/AMB abrummittATgmailDOTcom

Sandy wrote:

Reply to
Aaro

Test your vpn settings for starters.. Try to connect to the vpn server from inside your network, if you cannot override the remote policy by enabling the "vpn test user" dial-in permision in ADUC mmc. Linsys BEFSX41 has VPN passthrough capabilities in Security Menu, VPN, make sure they are enabled... As for the firmware - sx41 came out with 1.58, which is the latest.

For the DC to authenticate, you have to provide domanin/username credential, have you tried that?

And the last thing I would do in a first attempt to troubleshoot is to place (temporarily) the dc in the dmz port, enable the dmz port and try the vpn connection from outside

Julian Dragut

Reply to
Julian Dragut

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.