vpn fails to allow multiple users from remote dsl network

[gpoe]

WE have sites using Server 2000 VPN and can not get more than one user at a time connected from remote DSL based networks. The VPN site has Windows 2000 Servers, A DSL modem on NIC-2, LAN on NIC-1. The remote sites have a single DSL and Linksys 1-4 Port DSL routers (very basic), behind the DSL router is their LAN hub and PC's. When a remote user connects via the single static IP to the VPN server they connect and can run applications. When the second user connects via the same DSL line, they do not connect and get both users disconnected. I think the VPN server is having a problem with more than one user per IP? If not, there must be a solution, else how is it that companies get connected? Do they use a ROUTER to VPN or VPN to VPN server?

Thanks, your input is appreciated.. GPOE

 

[the1dean]

I am assuming that you are using VPN over PPTP. While Lynksis supports PPTP passthrough, it supports it for only one computer at a time. While one computer is connecting through VPN through the router, no other computers can connect. For more information, you can go to the Lynksys web site. They have this documented. I would not suggest calling Lynksis technical support, as you will not likely get through to a human being.

 

[ABCRich]

Actually this problem has been fixed, but requires a firmware upgrade for the router. Email ChrisSepich@hotmail.com for the update. OR see post about Linkys 41 router.

Hope that helps...

 

[billhome]

Do these connections originate using PPPOE by any chance? I am working on something that has similiar symptoms. I am going through a nexlan router though.

 

[tpsnyder]

Had EXACTLY the same problem using a Cisco 678 - it supports multiple clients to the internet via NAT but only one VPN conenction at a time, even when those connections are outbound.

had to Run the router to a multihomed W2k server running NAT and RRAS as a workaround.


Tom

 

[hwvsr]

You will need to set up mutipul VPN devices in RRAS. It is one device per connection. When you set it up it defaults to one just go back in and change the number of VPN devices.

 

[Guest_imported]

Has anyone had any experience with Netscreen VPN solutions? Particularly the 5 and 10 series firewalls and the Net Remote client. I appreciate any answers as we are considering this product.

 

[billhome]

I have come to a conclusion and resolved my issue. The problem was that the DSL users were behind a nexlan box. The default setting for nexlan and say linksys for internal clients if the dhcp service is running is to use an internal dhcp scope of 192.168.0.x. The problem arises when a client is trying to connect to a remote lan that has the same ip scope. So then add the vpn into it and basically you have a client with a 192.168.0.2 address connecting to the remote gateway and accessing a subnet of say 172.16.0.x. No problem all works well. The internal host remember coming over the dsl line has a legally internet routable IP. All traffic flows things a good. Now a second person trie to come over dsl from behind a linksys or nexlan and has the address of 192.168.0.2 and is using his gateway address for internet routable ip. Now the remote gateway gets a paket from the 2nd connection and says wait a min. I already have this host, 192.168.0.1 but from another gateway. I believe what happens at that point is that the IPsec breaks and drops both connections thinking it may be a spoof of some time. I changed the internal scheme of one of the dsl routers to 192.168.2.x and both users can now connect simultaneously. Just something I did. Not completely sure about the "spoof" thing but I think it makes sense. Give it a try and see if it makes a difference. I woud be interested if you could post a follow up. Thanks.