Question : Problem: VPN 721 error, router access list

I'm running Windows SBS 2003 on a Cisco 2800 series router.  From inside the network I can connect my VPN without a hitch, but from outside I get a 721 authentication error.  I read up on this and found out I needed to allow gre, but doing so did not help.  Following is my router access list, where 123.123.123.12 is the public IP address of SBS.  Any ideas?

Extended IP access list Inbound
    10 permit tcp any any established (18221466 matches)
    20 permit tcp any host 123.123.123.12 eq smtp (987 matches)
    21 permit tcp any host 123.123.123.12 eq www (100 matches)
    22 permit tcp any host 123.123.123.12 eq 143 (3 matches)
    23 permit tcp any host 123.123.123.12 eq pop3 (3 matches)
    24 permit tcp any host 123.123.123.12 eq 443 (3595 matches)
    25 permit tcp any host 123.123.123.12 eq 691
    26 permit tcp any host 123.123.123.12 eq 4125
    27 permit tcp any host 123.123.123.12 eq 444
    28 permit tcp any host 123.123.123.12 eq 3389 (5 matches)
    30 permit icmp any any (55766 matches)
    40 permit udp any any eq isakmp (24 matches)
    50 permit udp any any eq non500-isakmp (5559 matches)
    60 permit udp host dns.dns.dns.1 eq domain host 123.123.123.11 gt 1024 (449901 matches)
    70 permit udp host dns.dns.dns.2 eq domain host 123.123.123.11 gt 1024 (53196 matches)
    71 permit udp any eq domain any gt 1024 (72471 matches)
    72 permit tcp any eq domain any gt 1024
    80 permit tcp any host 123.123.123.11 eq 22 (12705 matches)
    90 permit tcp any host 123.123.123.13 eq 500
    100 permit tcp any host 123.123.123.12 eq 6001
    102 permit tcp any host 123.123.123.12 eq 6002
    103 permit tcp any host 123.123.123.12 eq 6003
    104 permit tcp any host 123.123.123.12 eq 6004
    110 permit tcp any any eq 3389 (9 matches)
    120 permit tcp any any eq ftp (18 matches)
    131 permit tcp any any eq 1723 (27 matches)
    132 permit tcp any any eq 10000
    133 permit gre any any (20 matches)
    134 permit esp any any
    135 permit ahp any any
Extended IP access list inbound
Extended IP access list nat
    10 deny ip 10.10.0.0 0.0.255.255 10.10.13.0 0.0.0.255 (2899 matches)
    20 permit ip 10.10.0.0 0.0.255.255 any (1033645 matches)
Extended IP access list sl_def_acl
    10 deny tcp any any eq telnet log
    20 deny tcp any any eq www log
    30 deny tcp any any eq 22 log
    40 permit ip any any log

I'm also having trouble connecting Outlook from outside, but that's a lesser question at the moment.

Answer : Problem: VPN 721 error, router access list

Is your client configured to use PPTP or L2TP/IPSec?  You have opened up GRE and TCP Port 1723 and this is correct for PPTP clients.  If your clients are set to use L2TP/IPSec, you need to open:

-UDP traffic on port 1701
-UDP traffic on port 500
-GRE (you already have this)
-Possibly UDP traffic on port 4500 also

Upgrade your XP clients to SP2 if you haven't already done so.  If the clients are 2000, install the hotfix described in Q818043.
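
An added example (not part of the original answer): a small Python check that reads `show access-lists` output like the listing in the question and reports, for each protocol and port the answer lists, whether a permit entry covers it and how many matches that entry has recorded. The port requirements are copied from the answer as written; the function names are hypothetical, and addresses and deny entries are not evaluated.

```python
# Added example. Addresses and deny entries are not evaluated.
PORT_NAMES = {"isakmp": 500, "non500-isakmp": 4500, "domain": 53}  # IOS keywords

# Requirements as listed in the answer: (protocol, destination port or None).
REQUIRED = {
    "PPTP": [("tcp", 1723), ("gre", None)],
    "L2TP/IPSec": [("udp", 1701), ("udp", 500), ("gre", None), ("udp", 4500)],
}

# Excerpt of the Inbound list from the question.
SAMPLE = """\
    10 permit tcp any any established (18221466 matches)
    40 permit udp any any eq isakmp (24 matches)
    50 permit udp any any eq non500-isakmp (5559 matches)
    71 permit udp any eq domain any gt 1024 (72471 matches)
    131 permit tcp any any eq 1723 (27 matches)
    133 permit gre any any (20 matches)
"""

def _skip_addr(tok, i):  # "any" is one token; "host X" and "addr wildcard" are two
    return i + 1 if tok[i] == "any" else i + 2
def _port(tok, i):  # optional "eq|gt|lt|neq X" following an address
    if i < len(tok) and tok[i] in ("eq", "gt", "lt", "neq"):
        return (tok[i], tok[i + 1]), i + 2
    return None, i

def parse_permits(text):
    """Yield (proto, src_port, dst_port, hit_count) for each permit entry."""
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 5 or tok[1] != "permit" or "established" in tok:
            continue
        hits = int(tok[-2].lstrip("(")) if tok[-1].startswith("match") else 0
        i = _skip_addr(tok, 3)
        src, i = _port(tok, i)
        dst, _ = _port(tok, _skip_addr(tok, i))
        yield tok[2], src, dst, hits

def coverage(text):
    """Per VPN type: requirement -> summed hit count, or None if nothing permits it."""
    entries, report = list(parse_permits(text)), {}
    for vpn, needs in REQUIRED.items():
        for proto, port in needs:
            hits = [n for p, src, dst, n in entries
                    if p in (proto, "ip") and src is None and (port is None or dst is None
                    or (dst[0] == "eq" and PORT_NAMES.get(dst[1], dst[1]) in (port, str(port))))]
            report.setdefault(vpn, {})[(proto, port)] = sum(hits) if hits else None
    return report
if __name__ == "__main__": print(coverage(SAMPLE))
```

On the excerpt, UDP 1701 comes back as `None` because no entry permits it, while TCP 1723 and GRE report 27 and 20 matches.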