GRE 47
|
Prev: WSUS - MsiInstaller event ID 11722
Next: Malware
From: FREEMAN on 26 Jul 2006 09:41 I have the following setup: Linksys RV042 Firewall/VPN router SBS with 2 nics I set up the UPnP to allow the SBS to configure the router/firewall, and after I did so, I noticed it forwards various ports to the SBS server NIC: FTP [TCP/21], E-mail [TCP /25 ->25], VPN [TCP/1723], Web Server [TCP/80], Secure Web Server, Remote Web Workplace, and Windows SharePoint Services I am able to connect to RWW, but when I try to connect using VPN, I get the following in the SBS log: "A Connection between the VPN server adn the VPN client xx.xx.xx.xx has been established, but the VPN connection cannot be complted. The most common cause for this is that a firewall or router between the VPN server and the VPN client is not configured to allow Generic Routing Encapsulation (GRE) packets (protocol 47)." So, do I need to forward port 47 manually? I thought UPnP was supposed to take care of that.
From: Karan Rustagi on 26 Jul 2006 09:54 Hi, At times it does not and you have to do it manually. See if you have a direct option to open GRE 47 on router or Allow PPTP. Karan Rustagi karanrustagi(a)hotmail.com "FREEMAN" <FREEMAN(a)discussions.microsoft.com> wrote in message news:C52AB87C-8801-4722-A2B0-D41962FF3C3B(a)microsoft.com... >I have the following setup: > > Linksys RV042 Firewall/VPN router > SBS with 2 nics > > I set up the UPnP to allow the SBS to configure the router/firewall, and > after I did so, I noticed it forwards various ports to the SBS server NIC: > > FTP [TCP/21], E-mail [TCP /25 ->25], VPN [TCP/1723], Web Server [TCP/80], > Secure Web Server, Remote Web Workplace, and Windows SharePoint Services > > I am able to connect to RWW, but when I try to connect using VPN, I get > the > following in the SBS log: > > "A Connection between the VPN server adn the VPN client xx.xx.xx.xx has > been > established, but the VPN connection cannot be complted. The most common > cause for this is that a firewall or router between the VPN server and the > VPN client is not configured to allow Generic Routing Encapsulation (GRE) > packets (protocol 47)." > > So, do I need to forward port 47 manually? I thought UPnP was supposed to > take care of that.
From: Simon on 26 Jul 2006 10:13 As Karan said, note that it's not a port number but a protocol type, most routers cover it by including that into a pptp setting with tcp 1723. simon Karan Rustagi wrote: > Hi, > > At times it does not and you have to do it manually. See if you have a > direct option to open GRE 47 on router or Allow PPTP. > > Karan Rustagi > karanrustagi(a)hotmail.com > "FREEMAN" <FREEMAN(a)discussions.microsoft.com> wrote in message > news:C52AB87C-8801-4722-A2B0-D41962FF3C3B(a)microsoft.com... >> I have the following setup: >> >> Linksys RV042 Firewall/VPN router >> SBS with 2 nics >> >> I set up the UPnP to allow the SBS to configure the router/firewall, and >> after I did so, I noticed it forwards various ports to the SBS server NIC: >> >> FTP [TCP/21], E-mail [TCP /25 ->25], VPN [TCP/1723], Web Server [TCP/80], >> Secure Web Server, Remote Web Workplace, and Windows SharePoint Services >> >> I am able to connect to RWW, but when I try to connect using VPN, I get >> the >> following in the SBS log: >> >> "A Connection between the VPN server adn the VPN client xx.xx.xx.xx has >> been >> established, but the VPN connection cannot be complted. The most common >> cause for this is that a firewall or router between the VPN server and the >> VPN client is not configured to allow Generic Routing Encapsulation (GRE) >> packets (protocol 47)." >> >> So, do I need to forward port 47 manually? I thought UPnP was supposed to >> take care of that. > >
From: Simon on 26 Jul 2006 10:25 Leythos wrote: > In article <iMKxg.46775$1g.14432(a)newsfe1-win.ntli.net>, simon(a)not- > here.com says... >> As Karan said, note that it's not a port number but a protocol type, >> most routers cover it by including that into a pptp setting with tcp 1723. >> simon > > Many routers, the cheap ones, often called firewalls by mistake, don't > handle GRE properly. In those cases you have to forward GRE as port 47, > sometimes you have to forward UDP on 47, TCP on 47, or both UDP/TCP on > 47 to make it work. > > Thanks leythos, that's one I will remember. simon
From: FREEMAN on 26 Jul 2006 11:14
I've forwarded both TCP port 47 and UDP port 47 to the SBS server-side NIC to no avail. The error message in the SBS log says at the end to check with your ISP to see if they are disallowing GRE packets. I really don't think this is it, but I'm pulling my hair out on this thing. I have been able to successfully create an internal VPN, by hooking my workstation up to a different Subnet, and using the SBS private IP, rather than the Router's public IP. |