Solved

Need to find a w/l router that can support 2 vpn sessions and file/print sharing

Posted on 2004-10-13
Last Modified: 2010-04-17
I have several wired and wireless computers, some on a domain, some in a workgroup.  I want to connect two of the clients to my corporate network, which means I need to run a Cisco VPN on two PCs.  Prior to going wireless, I had a Netgear router that allowed 2 machines to run the VPN, AND share files and printers between all machines without a problem.

I got a Belkin w/l router, and the file and print sharing works OK, but when the 2nd vpn app starts, the first vpn connection is dropped.

So, I got a Netgear w/l router.  Although it says that it can support 2 ipsec sessions, it drops the first connection when the 2nd client signs on. In addition, the machines can all share files and printers, but once I invoke the vpn on a single machine, all sharing stops. Netgear says that their router can do file and print sharing, but they don't 'support' it, so they won't answer any questions about why it doesn't work.

So, I think what I'm looking for is pretty simple.  I want to have multiple Cisco VPN client apps running at once, and whether the VPN is on or off, or switches on and off, I want the other machines to be able to see everyone else's files and printers. And I need it wireless G.

Question by:joemz
13 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 12304935
I use Linksys WRV54G. It's sweet!
Create lan-lan VPN's, use VPN client to connect to it while on the road, and I can have as many clients open at once as I want...
Everything I need...
0
 

Author Comment

by:joemz
ID: 12306935
I just read the specs on it. Impressive.  Two questions.

It doesn't mention anything about all of the devices sharing files and printers, regardless of whether the client is on the VPN or not.

I never considered 'inbound' VPN. What software would I run on the remote machine to access my home network?  I have only used VPN in a corporate setting where the company provides the VPN client software and obviously the host server software.  Would I have to install a second VPN app on my laptop to get to my home network, and then install the equivalent of a VPN server software on my home computer? Recommendations for what to use would be great. Am I totally confused?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12307011
Linksys has its own VPN client that you use when remote.

As for sharing files while on the VPN, that sort of depends on what client you have. For example, if you use the Cisco VPN client, the ability to use local lan while connected to the VPN is controlled by the server side with policy pushed to the client and there is nothing you can do about that (better security for the company). Many VPN clients also have an embedded firewall that is "on" while connected that disrupts local network access to your PC while you are connected via VPN. The idea is that you do not want to become a conduit for another machine to access the VPN.
If you are using Microsoft PPTP VPN then you should not be affected.
0
 

Author Comment

by:joemz
ID: 12307101
Sorry to have to ask such basic clarifications, but here goes

In my current configuration, running ONE cisco vpn client, the file and print sharing runs just fine among the local lan members.  I can start up clients and immediately have connectivity to shared printers and files, and that doesn't change as I start or drop the vpn.  Everything works fine, but it's just one client

If it works fine today, then can I assume that there is no corporate policy to restrict it?

The confusion I have with your statement about 'policies controlled by the server' is that everything ran fine on the Belkin rtr, but not the Netgear.  If it was the server restricting me, wouldn't I have equivalent behaviors with both routers?

Meaning, if it works today, with the new router, should it continue to work when multiple clients are running?

Thanks much
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12307132
Yes, if it works today, the router really has nothing to do with it. It's just a switch on the local side. Switches do not have intelligence to know if you are on a VPN or not.
What VPN client are you using?
0
 

Author Comment

by:joemz
ID: 12307170
I use a Cisco VPN client version 4

If it's all server controlled, why did all print and file sharing stop when I used the Netgear r/t and turned on vpn?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12307242
I wish I had better news for you.
There's no way to know. Perhaps it was coincidence that the policy changed about the same time you switched routers?
I use the same VPN 4.6 client, I connect to PIX firewalls and VPN 3000's. The difference is that I control both ends and can set up my connection any way I want.

There is a checkmark "allow local lan access" under the "transport" tab in the connection settings - is this checked? On both?
Again, the server end can override this selection on your part. The server end can control the firewall settings - you cannot, other than check the Stateful Firewall Always On... make sure this is un-checked on both PC's.

0
 

Author Comment

by:joemz
ID: 12307376
I don't think I have server issues, and here's why.  The Belkin worked for file and print sharing (but only one VPN). Then I moved to the Netgear (file and print didn't work). As you said, it's possible the server settings changed.  But then I switched back to the Belkin and everything worked again.  So, unless I'm the victim of really odd server timing changes, I think I'm OK on the server side.

Yes, local LAN is set ON on both machines.  Stateful firewall is unchecked on both.

I just noticed something else odd.  The first machine is running the VPN and is fine.  When I click the VPN app on the second machine I get the dialog box where I choose which corporate server I want to go to. Once I choose the corporate server and hit Connect, the first machine drops.  Way before I even get a chance to put in security information.  That's why I don't think it's the server, but something locally.
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 250 total points
ID: 12307445
Well, it certainly sounds like something potentially in the Netgear with the wireless/wired bridging, and it certainly won't support two VPN's at once...

I don't think you'll have that problem with the Linksys..
0
 
LVL 6

Expert Comment

by:Technicon-SG
ID: 12309707
If your Netgear has a setting for "VPN Passthrough" you may need to turn it OFF... Assuming that your VPN concentrator (the server that you are trying to connect to) is using NAT traversal, you do not need it... If your VPN server is not using NAT traversal you will be unable to connect 2 clients from behind the same NAT device (your Netgear)... Check with your VPN administrator on this.
0
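The comment above turns on how a NAT device tells two inside clients apart. The following is an added example, not part of the original thread: a simplified Python model (the `Nat` class, `simulate` function and all addresses are constructed for illustration, not any router's firmware) that shows why raw ESP, which has no port numbers, lets the second client's mapping displace the first, while NAT traversal's UDP encapsulation gives each client its own public port.

```python
from dataclasses import dataclass, field

ESP, UDP = 50, 17  # IP protocol numbers; ESP carries no port fields


@dataclass
class Nat:
    """Simplified model of a home NAT router (not any vendor's firmware)."""
    next_port: int = 40000
    udp_map: dict = field(default_factory=dict)  # public port -> inside host
    esp_map: dict = field(default_factory=dict)  # remote peer -> inside host

    def outbound(self, inside_ip, proto, peer_ip):
        if proto == UDP:
            # NAT-T wraps ESP in UDP (port 4500), so the router can give
            # every inside host a distinct public source port.
            public_port = self.next_port
            self.next_port += 1
            self.udp_map[public_port] = inside_ip
            return public_port
        # Raw ESP: only the peer address identifies the flow, so a second
        # client talking to the same peer overwrites the first mapping.
        self.esp_map[peer_ip] = inside_ip
        return None

    def inbound(self, proto, peer_ip, public_port=None):
        if proto == UDP:
            return self.udp_map.get(public_port)
        return self.esp_map.get(peer_ip)


def simulate(nat_t):
    """Return {client: inside host that receives the replies meant for it}."""
    nat = Nat()
    peer = "198.51.100.1"                       # constructed VPN concentrator
    clients = ["192.168.1.10", "192.168.1.11"]  # constructed inside hosts
    proto = UDP if nat_t else ESP
    ports = {c: nat.outbound(c, proto, peer) for c in clients}
    return {c: nat.inbound(proto, peer, ports[c]) for c in clients}


if __name__ == "__main__":
    print("raw ESP:", simulate(nat_t=False))
    print("NAT-T  :", simulate(nat_t=True))
```

In the raw ESP run, replies intended for the first client are delivered to the second, which matches the "first connection drops when the second starts" symptom described in this thread.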
 

Author Comment

by:joemz
ID: 12309746
I'm going to pick up the dlink router tonight. The advice was definitely excellent. Thank you
0
 

Author Comment

by:joemz
ID: 12313803
LRMOORE

Can I re-open this question????  I got the router, and I still can't do two VPN sessions
0
 

Author Comment

by:joemz
ID: 12314111
Additional information.   I called Linksys, and it took a while for them to realize I'm interested in running VPN into a corporate server, not being a web server myself.  At that time, they immediately told me that the router only supports one concurrent IPsec session.  If you try to start a second, the first will be dropped. Which is exactly the behavior I'm seeing.

I asked why the specs say the router can run 25 or more concurrent VPN sessions. Explanation is that the router itself can be the VPN server, and that in that case I wouldn't have to run VPN software on each client. Sorta like a corporate bureau setting going into a larger server farm.

The problem I have with this is that I have clients on the home network that I don't want to use the VPN at all. They have nothing to do with corporate, like my kids' machines, and don't want their traffic going thru the company.  Also, there are times I want to use one of these clients for private browsing without having the corporate police see what's going on.

So, when I asked about running two VPN (UDP, IPsec) concurrent sessions, they said I had to find out the port number and open it on the router.  I have no clue what this means, or what the implications of it are.

The good news is that it does file and printer sharing regardless of the vpn being on or off or switched in the middle
0
