error connecting to vpn thru sonicwall

[starchild72]

Hi All,

I am completely stumped. I've been battling this for three days and i can't figure it out. Everytime my vpn (microsoft vpn) users try to login it says it is verifying user then after a couple of mintes it shows the error 619: port disconnected. My server has the error "The user connected to port VPN2-10 has been disconnected because the authentication process did not complete within the required amount of time."

As a test just ... I created a vpn connection locally (on my network) and pointed it to the LAN address and it connects just fine. I think there is a firewall problem. I moved my RAS to differnet servers within the network with the same problem...error 619 on the users. I am using a sonicwall soho2 firmware 6.5.0.4. I recently updated the firmware but i'm not sure if my vpn problem happened around that time.

 

[jsentelle]

Are you passing port 47 through the Sonicwall to the VPN Server? Give some specifics of your setup if possible....

 

[starchild72]

no i don't have port 47 open just 1723. i've done research and i found out that it is not port 47 that you need open. actually it is GRE protocol 47, not port 47 and Sonicwall supports that protocal. actually now i think it is a windows thing not a firewall but heck i haven't figured it out yet. basically everytime i try to connect to our vpn it tries to verify and hangs and the verifying user, it never authenticates and never registers my computer on the network. It's been about 5 days now and i've done research till i'm blue in the face.

To sum it up, my vpn just stopped working. As a test, I setup RAs on each of my servers pointed the firewall to each of the servers and neither of them can authenticate me.

thanks so much for the reply....Joe

Any other help would be greatlt appreciated.

 

[jsentelle]

Every one of these that I have set up I needed to pass GRE through the firewall for authentication to take place. Has this setup worked before? I have several of these running and use them every day. Is it possible your ISP is blocking port 1723? What are you using for IP addresses for the VPN client connections?

 

[starchild72]

it's always worked before just on port 1723. i opened port up 47 and it still doesn't work. ip address is setup correctly cause everything else works fine. Citrix, mail and http all work fine through the sonicwall. i talked with my ISP and mentioned the problem on Thursday but they never got back to me yet. i guess i'll have to followup on Monday with them.

 

[John Lewis]

So, this was working at some point?

You don't need port 47 open, as your research before indicated it has nothing at all to do with VPN or PPTP. Been a while since I touched a Sonicwall, but at the time GRE/PPTP passthrough was enabled by default. I'm sure that was several revisions ago, as it has been some time, but I can't see a good reason for them to change it. The protocol does not present a risk, as it can't do anything or go anywhere without the control connection on TCP/1723.

What OS are you running on the VPN server and the clients, including serivce pack? Any recent service packs (W2K SP4 in particular)??

 

[starchild72]

Windows 2000 SP3. I can't put on SP4 becuase our accounting package will not support us if SP4 is on it.

Like i mentioned i point RAS to my oher server with win2k sp4 and i get nothing. I wondering if it is policy or an active directory thing.