VPN into Terminal Server, VPN out again, how?

[habman]

Hi All,

Here's the situation, we want to VPN into a Terminal Server that we can use as a remote desktop, to then turn around and VPN out to client servers for support purposes. The experience so far, has been that when you launch the VPN client to connect to client sites (after VPNing in from home) the connection is cut completely. A reboot is required before I can even start the 1st VPN again.
Is there any way to launch a VPN session from within a VPN session? Or does that completely mess with the IP stack?
The current VPN software is Nortel Networks, maybe another VPN software can do it? Or do I have to go to another solution?

Thanks

 

[Methodtsi]

Ok.. I have experienced something similar to this... This happens because the second "client" connection you are making is rebuilding the protocol rules when you execute the program.

This will naturally cause the 1st VPN connection to drop when you execute the 2nd VPN connection. However, if you are NOT securing or routing the home ip subnet of the 1st connection, you should be able to immediatiatly reconnect with both tunnels active.

I (being a relative VPN novice) would recommend starting with these 2 positions:

1) Make sure the VPN software vendor can support multiple simultainious (sp) connections. (Contacting the vendor support almost always helps you through the issue)

2) Check the "Rule Set" configurations of both connections so that the subnet rules do not interfer with one another.

Does this help at all?

Thanks,

Method

 

[mrscary]

What you suggest can be made to work - for instance, in my own office, my workstation is setup so that I can vpn into a number of client offices.

When I am on site, occasionally I get a call to dial into a client office - so from my laptop, or whatever computer is available, I vpn into my network, then take control of the desktop (terminal services) and then VPN out.

The VPN software is just that supplied with Win2K server

Anyhow - I think your problem is this:

Go to the properties section of the dial in, and look under TCP-IP settings, then click on the "Advanced" button. In the general tab, you must make sure that the "Use Default Gateway on remote network" checkbox is CLEARED. By default it is checked. If it is checked then you will lose whatever your previous gateway was, whenever you dial the VPN.

M.


Hollingside Technologies, Making Technology work for you.

http://www.hollingside.com

 

[habman]

Thank you both. I have not had a chance to addess this again, but will hopefully get to it in the next day or so.

However, I do not think the results are the same when dialing in through RAS. The scenario I'm talking of is when you VPN in to the Terminal server using a high speed connection such as cable or DSL.

I'll look into your suggestions and respond with results as soon as I have them.

 

[mrscary]

The method of dial doesn't actually matter. I have a phone line that has an autoanswer modem - so I can VPN using my notebook and mobile phone - but by preference I ues the internet via a broadband link.
Either way the server sees the dial in as a network adapter and deals with it accordingly.
M.

Hollingside Technologies, Making Technology work for you.

http://www.hollingside.com