Community LAN VPN issue

Posted on 2003-03-28
Medium Priority
Last Modified: 2010-04-12
Our small condo has a shared T-1 line. It was practically free because we put the administrative phone lines on the T-1 line using Voice over IP. The nice thing is we get to use the bandwidth for internet when the phone lines are not in use. A Cisco IAD2400 serves as the router and DHCP server. The router connects to a series of BayStack managed switches. The access so far has been great, but recently someone started experimenting with an AT&T VPN client to connect to their office with little success.

So far, we have tried setting up a static IP inside the router and opening up ports specified by the employer's IT dept.

We do have the option to add public IP addresses to the router.

I am trying to think ahead to the day when several users are attempting to use VPN at the same time.

Question: What would be the best way to allow multiple users to access different VPN servers from inside our community LAN?
Question by:1stinlastout
LVL 79

Expert Comment

ID: 8229466
There are so many variations on VPNs that it is difficult to come up with a single solution. Many times NAT will break it, and different setups require different ports, and trying to do one-one NAT for everyone may not be the easiest solution. If you have enough public IP addresses, the simplest solution would be to simply use public addresses.

Author Comment

ID: 8231269
I can get the IP addresses, but I was hoping to use a second VPN router/gateway to pass the VPN off to each user as needed. IP addresses are getting more difficult to get as we have to fill out an ARIN justification form and then wait at least three days to get a block of IPs. If someone visiting needs to VPN we could run short. On the other hand we could get more than we need and just sit on them. Seems like a waste of cyberspace.
LVL 79

Expert Comment

ID: 8232872
Without doing one-one NAT, or assigning public addresses without using NAT, it would be very difficult to support all the different types of VPN. MS PPTP absolutely won't work behind NAT, some VPN clients that use AH headers won't work behind NAT.

If you use a NAT pool with enough addresses that makes it more statistically probable that a user will get a dynamic one-one NAT, then most VPNs should work. Are you using an external firewall, or doing everything right on the 2400?
Assuming that you have an inbound ACL, can you post the ACL?
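
The AH point in the comment above, as an added example that is not part of the original thread: a simplified model of the AH integrity check (HMAC-SHA1-96 over the IPv4 header with its mutable fields zeroed, plus the payload) next to an ESP-style check that covers only the payload. The key, addresses and payload are constructed, the AH header itself is left out of the MAC input for brevity, and only the integrity check is modeled, not the rest of either protocol.

```python
import hashlib, hmac, ipaddress, struct

KEY = b"constructed-demo-key"        # constructed; a real SA gets its key from IKE
PAYLOAD = b"constructed inner packet"

def ip_header(src, dst, proto, ttl=64):
    """Build a minimal 20-byte IPv4 header (checksum left at 0 for the demo)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(PAYLOAD), 0, 0, ttl,
                       proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def ah_icv(hdr, payload):
    """AH-style ICV: zero the mutable fields, then MAC the header and payload."""
    h = bytearray(hdr)
    h[1] = 0                  # TOS
    h[6:8] = b"\x00\x00"      # flags + fragment offset
    h[8] = 0                  # TTL
    h[10:12] = b"\x00\x00"    # header checksum
    # Source and destination addresses stay in: AH treats them as immutable.
    return hmac.new(KEY, bytes(h) + payload, hashlib.sha1).digest()[:12]

def esp_icv(hdr, payload):
    """ESP-style ICV: the outer IP header is not part of the MAC input."""
    return hmac.new(KEY, payload, hashlib.sha1).digest()[:12]

def routed_hop(hdr):
    """A plain router only decrements the TTL."""
    h = bytearray(hdr)
    h[8] -= 1
    return bytes(h)

def nat_rewrite(hdr, public_src):
    """A NAT device decrements the TTL and also replaces the source address."""
    h = bytearray(routed_hop(hdr))
    h[12:16] = ipaddress.IPv4Address(public_src).packed
    return bytes(h)

def run_demo():
    inside, public, server = "192.168.1.10", "203.0.113.5", "198.51.100.20"
    ah_hdr, esp_hdr = ip_header(inside, server, 51), ip_header(inside, server, 50)
    ah_tag, esp_tag = ah_icv(ah_hdr, PAYLOAD), esp_icv(esp_hdr, PAYLOAD)
    same = hmac.compare_digest
    return {
        "ah_after_routing": same(ah_tag, ah_icv(routed_hop(ah_hdr), PAYLOAD)),
        "ah_after_nat": same(ah_tag, ah_icv(nat_rewrite(ah_hdr, public), PAYLOAD)),
        "esp_after_nat": same(esp_tag, esp_icv(nat_rewrite(esp_hdr, public), PAYLOAD)),
    }

if __name__ == "__main__":
    for check, ok in run_demo().items():
        print(f"{check}: {'verifies' if ok else 'ICV mismatch, packet dropped'}")
```
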
LVL 51

Accepted Solution

ahoffmann earned 1000 total points
ID: 8254049
If you can place a Linux box behind your 2400, you may install FreeS/WAN on it which acts as a VPN gateway.
It requires only one IP, and can handle multiple different VPN connections to your LAN using IPSec.
Is this what you need? Or do you need VPN to your M$-servers in the LAN?
LVL 79

Expert Comment

ID: 8450534
G'day, 1stinlastout
It has been 36 days since you posted this question.
Do you still need help? Have you received enough information?
Can you close out this question?
Ways to close questions: http://www.apollois.com/EE/Help/Closing_Questions.htm
