I am trying to connect a remote PC to my network, using Microsoft 2000 server (central) and 2000 professional (remote) via the internet. We are able to establish a VPN in the office but once the PC with 2000 professional is moved to its remote location, we have problems establishing the VPN tunnel. we have notice that the remote client is behind NAT and NAT's has problems with GRE.

Can anyone provides us with a secure solution to this problem using Microsoft VPN or any other secure product that enable a remote user to connect via the net to our local LAN?

Thanks Andy.

andrew nesbeth 11/27/2002 10:09:28 AM

I am trying to connect a remote PC to my network, using Microsoft 2000 server (central) and 2000 professional (remote) via the internet. We are able to establish a VPN in the office but once the PC with 2000 professional is moved to its remote location, we have problems establishing the VPN tunnel. we have notice that the remote client is behind NAT and NAT's has problems with GRE.

Can anyone provides us with a secure solution to this problem using Microsoft VPN or any other secure product that enable a remote user to connect via the net to our local LAN?

Thanks Andy.

andrew nesbeth 11/27/2002 10:09:28 AM

VPN error 721: Consider this - 721 errors that occured on some machines (behind a PIC 515 Firewall) but not others. We have a limited number of NAT addresses and once the PIX NAT xlate table became full it would then use PAT. The VPN fails on port 47 if the ip address is a PAT address. T prevent further "721's" we: Cleared the xlate table, changed the xlate timer (it was set to 3hrs) and expanded our NAT scope. Also, we updated the xlate rules in the PIX to map the users having trouble to a NAT address thus ensuring they would always aquire a NAT address.

Brian11/1/2002 1:14:15 PM

Did you ever figure this out as I receive the same error message. W2K client connecting to NT4.5 server, via LinkSys router (pass-thru's all enabled). Finds the server ok but will not logon and give error 721.

Daniel Dyck
- Submitted On: February 13, 2001
I recently bought a Linksys Cable/DSL router. I then tried to enable RRAS with VPN support on a Win2K Server. I followed all the directions to allow IP forwarding through the router (ports 47 and 1723) and tried to configure the VPN as best to my knowledge. My VPN server has two NIC cards and can access the internet just fine. However, it appears as though when I try to connect from a Win2K Pro computer it starts to verify my username and password and I get error 721, something about not having PPP. I'm confused, can anyone help me in finding a solution to what appears to be a very simple problem?

Alex Crabtree 9/7/2002 4:50:17 PM

Very Helpful. IS the DUN client neccessary if I am using 2 linksys VPN routers at both ends of the gateway.

How aobut if I am using 2 win98 pc's [ no NT server ]on novell networks ?



ALBERT HANLEY 6/25/2002 9:30:54 AM

I am trying to setup vpn going through a D-link 704P router from one Windows XP Prof PC to another Win XP Prof PC. The vpn connection works without the router in the equation, but does not work when I add the router back into the equatoin. I've got port 1723 open, and in testing I enabled DMZ which open all ports. So, the incoming connection is not getting blocked. When I attempt to connect, it gets to the point of verifying the password. So it seems to be getting to the host. It stops with and error 733.

Mike Bartosh 5/15/2002 2:49:43 PM

Informative article. I've encountered the problem with XP VPN clients, having browsing problems, now that Microsoft has determined to not allow us to tunnel NetBeui with XP VPN clients.
I have WINS running on the RAS server, I have the client configured with the WINS server address, but the client is not getting Bios name resolution.
I've resorted to using Net Use \\\\ServerName\\ShareName I'm using IP address for ServerName, to account for the lack of BIOS name resolution, but what I'm encountering is, the client can attach to other shares on the LAN, except for the RAS server. I'm getting the 53 error.
I've specified an IP address on the client to use for the VPN connection, and at the server I've allowed the prerequested IP. Am wondering now if I should set this single address as the Static Pool, and set the client to obtain the IP from the server,.. could this truly be a Gateway issue?
The server has a single NIC, and I didn't want the client to get the server's gateway issue. Browsing the internet, while logged in Via VPN is not an issue, we don't need the client to browse the internet while logged in via VPN.

Any ideas why client can't attach to share on the RAS server, when other computers on the lan are mappable?

Carol Fuchser-Burns 4/7/2002 7:48:41 PM

THIS IS JUST GREAT!!!!.
HAVING ALL THIS INFORMATION MAKE IT A LOT EASER FOR PEOPLE
LIKE ME THAT LIKE TO GO DIRECTLY TO ACTION.

THANK YOU VERY MUCH.

JUAN CUELLO 3/23/2002 10:35:17 AM

Problems with VPNs

Paula Sharick's "15 Tips for Troubleshooting VPN Connections" (April 2000, InstantDoc ID 8290) is helpful, but I still have a problem. Microsoft Proxy Server 2.0 is installed on a multihomed server. The server is a domain controller (DC), and RRAS used to work just fine. Proxy Server died completely, and recovery took about 3 hours. In the process, RRAS went down for all connections, internal and external. The error I got is TCP/IP reported error 733: Your computer and the remote computer could not agree on PPP control protocols. According to TechNet, this error shows up on Windows NT 4.0 servers, not Windows 2000 servers. I've reinstalled RRAS, Active Directory (AD--what a nightmare), and even the OS over the existing OS, but I still have the same problem. Neither disabling and removing the second NIC nor giving the second NIC internal and external IPs has fixed the problem. Any ideas?

--Jim Linebarger


The easiest way to figure out what's not working is to enable PPP logging in RRAS and run Network Monitor. Be sure you point Network Monitor to the RRAS NIC, then try a connection and look at the PPP and Network Monitor logs. I can almost always figure out what's not working with a packet sniffer, but sometimes I need to run it multiple times.

--Paula Sharick



Jim Linebarger 3/15/2002 8:57:08 AM

I have a problem that "15 Tips for Troubleshooting VPN Connections" doesn't address. VPN appears to be installed on my Windows 98 client systems, and I'm instructed to add a new client in dial-up networking--but I don't have dial-up networking or a modem. I have a cable modem, and installing a regular modem interferes with the cable modem.

Unfortunately, the Add Connection Wizard in DUN won't proceed until I "install" a modem. When I install a fake modem that I don't have in the machine, the VPN device that's supposed to be there simply isn't. I'm stumped. Can you point me in the right direction?


Win9x has innumerable problems with VPN connections: You fix one, and another crops up. Because Microsoft no longer supports Win9x, I highly recommend that you upgrade your legacy OS to a more current version. Win2K Professional makes a great VPN machine--one that configures and works in a heartbeat.

--Paula Sharick



Michael Mac McCarthy 3/15/2002 8:57:08 AM