Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 20209 Source: Rasman

A connection between the VPN server and the VPN client <ip> has been established, but the VPN connection cannot be completed. The most common cause for this is that a firewall or router between the VPN server and the VPN client is not configured to allow Generic Routing Encapsulation (GRE) packets (protocol 47). Verify that the firewalls and routers between your VPN server and the Internet allow GRE packets. Make sure the firewalls and routers on the user's network are also configured to allow GRE packets. If the problem persists, have the user contact the Internet service provider (ISP) to determine whether the ISP might be blocking GRE packets.
If a client PC with Windows XP and OneCare tries to connect via VPN to an ISA-Server 2004, you get exactly this event logged on the ISA-Server. To resolve the problem, you must change the settings of OneCare to enable VPN-Connections.
This event may be recorded when a VPN connection is attempted over a high latency network (i.e. satellite-based Internet connectivity).
From a newsgroup post: "The failure is most likely caused by the hardware router not allowing GRE Protocol 47, which is used in conjunction with PPTP to create VPN between clients or between clients and servers. You may need to allow GRE protocol 47 and TCP port 1723 traffic on your hardware router to enable the connection. See ME241251 for more information about GRE Protocol 47. To resolve the issue, please configure the router to pass GRE Protocol 47 traffic. Some routers call that "PPTP Pass Through" or "VPN Pass Through". Please check the router support pages or the manual for help doing that".

From a newsgroup post: "I had the exact same problem / error after installing SP1 on Windows Server 2003. It broke our VPN connections. Once I uninstalled SP1, the VPN connections worked again. There must be a bug in SP1, or SP1 reconfigures RRAS or the firewall in such a way to prevent VPN connections".

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.