Question : Problem: VPN 721 error, router access list

I'm running Windows SBS 2003 on a Cisco 2800 series router. From inside the network I can connect my VPN without a hitch, but from outside I get a 721 authentication error. I read up on this and found out I needed to allow gre, but doing so did not help. Following is my router access list, where 123.123.123.12 is the public IP address of SBS. Any ideas?

Extended IP access list Inbound
10 permit tcp any any established (18221466 matches)
20 permit tcp any host 123.123.123.12 eq smtp (987 matches)
21 permit tcp any host 123.123.123.12 eq www (100 matches)
22 permit tcp any host 123.123.123.12 eq 143 (3 matches)
23 permit tcp any host 123.123.123.12 eq pop3 (3 matches)
24 permit tcp any host 123.123.123.12 eq 443 (3595 matches)
25 permit tcp any host 123.123.123.12 eq 691
26 permit tcp any host 123.123.123.12 eq 4125
27 permit tcp any host 123.123.123.12 eq 444
28 permit tcp any host 123.123.123.12 eq 3389 (5 matches)
30 permit icmp any any (55766 matches)
40 permit udp any any eq isakmp (24 matches)
50 permit udp any any eq non500-isakmp (5559 matches)
60 permit udp host dns.dns.dns.1 eq domain host 123.123.123.11 gt 1024 (449901 matches)
70 permit udp host dns.dns.dns.2 eq domain host 123.123.123.11 gt 1024 (53196 matches)
71 permit udp any eq domain any gt 1024 (72471 matches)
72 permit tcp any eq domain any gt 1024
80 permit tcp any host 123.123.123.11 eq 22 (12705 matches)
90 permit tcp any host 123.123.123.13 eq 500
100 permit tcp any host 123.123.123.12 eq 6001
102 permit tcp any host 123.123.123.12 eq 6002
103 permit tcp any host 123.123.123.12 eq 6003
104 permit tcp any host 123.123.123.12 eq 6004
110 permit tcp any any eq 3389 (9 matches)
120 permit tcp any any eq ftp (18 matches)
131 permit tcp any any eq 1723 (27 matches)
132 permit tcp any any eq 10000
133 permit gre any any (20 matches)
134 permit esp any any
135 permit ahp any any
Extended IP access list inbound
Extended IP access list nat
10 deny ip 10.10.0.0 0.0.255.255 10.10.13.0 0.0.0.255 (2899 matches)
20 permit ip 10.10.0.0 0.0.255.255 any (1033645 matches)
Extended IP access list sl_def_acl
10 deny tcp any any eq telnet log
20 deny tcp any any eq www log
30 deny tcp any any eq 22 log
40 permit ip any any log

I'm also having trouble connecting Outlook from outside, but that's a lesser question at the moment.

Answer : Problem: VPN 721 error, router access list

Is your client configured to use PPTP or L2TP/IPSec? You have opened up GRE and TCP Port 1723 and this is correct for PPTP clients. If your clients are set to use L2TP/IPSec, you need to open:

-UDP traffic on port 1701
-UDP traffic on port 500
-GRE (you already have this)
-Possibly UDP traffic on port 4500 also

Upgrade your XP clients to SP2 if you haven't already done so. If the clients are 2000, install the hotfix described in Q818043.

Random Solutions

Problem: Internet without browser ?

Problem: Dual monitors not working

Problem: Switch / Relay to turn on 110 volt AC when set temp is reached?

Problem: How remove cd or dvd from minimac

Problem: CANNOT INSTAL XP SP2 WHILE ON AHCI MODE

Problem: HP Officejet 7410

Problem: memory voltage change

Problem: Problem UMAX ASTRA 1220S

Problem: Processor Upgrade IBM NetVista 6825

Problem: how do i stop ghost 10 backup once started