Event ID 20209 — RRAS Other Remote Access Server Configurations
Applies To: Windows Server 2008 R2
Successful remote access and routing connections require the correct configuration of firewall settings and IP routing protocols.
Event Details
Product: | Windows Operating System |
ID: | 20209 |
Source: | RemoteAccess |
Version: | 6.1 |
Symbolic Name: | ROUTERLOG_VPN_GRE_BLOCKED |
Message: | A connection between the VPN server and the VPN client: %1 has been established but the VPN connection cannot be completed. The most common cause for this is that a firewall or router between the VPN server and the VPN client is not configured to allow Generic Routing Encapsulation (GRE) packets (protocol 47). |
Resolve
Configure the firewall to allow GRE traffic
To allow PPTP traffic, configure the network firewall to open TCP port 1723 and to forward IP protocol 47 for Generic Routing Encapsulation (GRE) traffic to the VPN server. Some firewalls refer to IP protocol 47 as VPN or PPTP pass-through. Not all firewalls support IP protocol 47. You might need to upgrade the firmware.
Consider using Secure Socket Tunneling Protocol (SSTP), which uses the HTTPS protocol over TCP port 443 to pass traffic through firewalls and Web proxies that might block PPTP and L2TP/IPsec traffic.
Verify
To verify that the remote access server can accept connections, establish a remote access connection from a client computer.
To create a VPN connection:
- Click Start, and then click Control Panel.
- Click Network and Internet, click Network and Sharing Center, and then click Set up a connection or network.
- Click Connect to a workplace, and then click Next.
- Complete the steps in the Connect to a Workplace wizard.
To connect to a remote access server:
- In Network and Sharing Center, click Manage network connections.
- Double-click the VPN connection, and then click Connect.
- Verify that the connection was established successfully.