The VPN connection between your computer and the VPN server could not be completed. The most common cause for this failure is that at least one Internet device (for example, a firewall or a router) between your computer and the VPN server is not configured to allow Generic Routing Encapsulation (GRE) protocol packets. If the problem persists, contact your network administrator or Internet Service, Provider.
If you encounter this error message while connecting to a PPTP VPN. Please check if PPTP port is open and GRE packets are allowed.
You may need to open TCP port 1723 (for PPTP tunnel maintenance traffic) in the firewall. PPTP also uses IP protocol 47 for tunneling data (for “General Routing Encapsulation” or GRE packets). So you will need to allow GRE traffic through your firewall.
You can follow the below steps to open the PPTP port and allow GRE traffic through a Cisco Firepower NGFW.
- To open the TCP port 1723(PPTP), please run the below command in Cisco CLI.
“> configure inspection pptp enable“
- After that, you will need to allow GRE traffic. To allow GRE Packets, Log in to Cisco FDM > Policies > Access Control> Add a new rule like below-