lakshmanl asked:
multiple VPN tunnels through a single ADSL connection


I have an ADSL connection which provides internet/outside connectivity to some 15 Windows XP (SP2) desktops. They are all connected to the ADSL through a switch. I can establish only one VPN tunnel to our corporate network by setting up a VPN connection in Windows XP. I need to give multiple users access to the corporate network through multiple sessions (tunnels) simultaneously. I have tried with two modems, one Netgear and the other NetComm. Does this limitation come from the ADSL connection or from the ADSL modem router I am using? I am based in Australia. I have asked a couple of service providers and they have not given me a definitive answer.

TIA.
Les Moore

>from the ADSL modem router I am using
Most SOHO routers will only support one VPN tunnel at a time. Even the ones that are advertised as supporting multiple VPNs only support them if they all go to different end points. Since all of yours would go to the same endpoint, I would suggest simply setting up lan-lan tunnels between your DSL router and the end point. You may have to switch to a VPN-endpoint capable router. Linksys has several models to choose from.
What is the VPN endpoint? Is it a Windows server, or IPSEC device?

lakshmanl (ASKER)

The end point is on a CISCO VPN Concentrator. So therefore, it must be going to different end points, if I understood correctly what you meant by "endpoints".


Thanks



OK, so you want many users on your local LAN to all connect to the same Cisco VPN concentrator at the corporate network?
Probably not going to happen.
My suggestion would be to buy a router that is capable of creating a site-to-site or Lan-to-Lan VPN tunnel instead of multiple clients.
magicomminc

"Does this limitation come from the ADSL connection or from the ADSL modem router I am using?"
--It is the ADSL modem router, which doesn't handle IPSec DES/3DES well.
Are you using the Cisco VPN client on your XP machines? If yes, try this:
Open the Cisco VPN client, right click VPN profile-->Modify-->Transport tab-->check "Enable Transparent Tunneling", "IPSec over UDP (NAT/PAT)".
Make sure that "IPSec over UDP" is enabled at the CISCO VPN Concentrator side as well. You also need the latest version of the VPN client from Cisco for XP w/SP2.

I am using the "VPN Client" which comes with Windows XP itself, not the CISCO VPN Client. I think our corporate VPN concentrator accepts only PPTP connections (we have configured Windows XP VPNing over PPTP. If I select the option "L2TP IPSec VPN", it complains about not being able to connect).

My ADSL/Modem router is not CISCO. Can I still run a CISCO VPN client on a Windows XP machine sitting behind a non-CISCO ADSL Modem/router box? If yes, is there any particular version?

TIA

"My ADSL/Modem router is not CISCO. Can I still run a CISCO VPN client on a Windows XP machine sitting behind a non-CISCO ADSL Modem/router box? If yes, is there any particular version?"
--Yes, you can. You need at least Cisco VPN client 4.6.02 for XP w/SP2.
I also suggest using the IPSec DES/3DES protocol since you already have a Cisco concentrator at corporate.
I could not locate VPN Client 4.6.02 on the CISCO website. I could locate only 4.6 and then VPN 5000 client. It is not entirely clear in the documentation whether VPN Client 5000 works with a 300x concentrator though.

I will give both a shot and see how it goes. One thing though, I cannot select L2TP IPSec when using the Microsoft Windows XP VPN client - it will not talk to the concentrator unless I select PPTP.

TIA
Here is the URL for the latest VPN client; you will need CCO from Cisco to access it:
http://www.cisco.com/cgi-bin/tablebuild.pl/vpnclient-3des
As I suggested, try IPSec 3DES; it's more secure and well implemented, especially when you have a Cisco Concentrator at the other end.
BTW: do you know the model number and OS version?
You're still going to end up with the same problem. Only one VPN tunnel of each type, whether you use Microsoft PPTP or Cisco IPSEC, can be connected from your location to the same VPN3000 concentrator at the same time. You could have two, one PPTP and one IPSEC, but that won't serve all 15 workstations.
You *really* need to swap out your local router for one that is capable of creating a lan-lan tunnel with the VPN 3000. I suggest a Linksys RV042 for around $175.
Do you control the VPN3000? If not, it may not even be setup to allow you to use the Cisco client.
I have a Cisco concentrator 3005 at head office, and at one remote location with 8 PCs all behind a cheap ($45) linksys router with Cisco VPN client, all PCs are VPNed to head office at SAME time, no problem.
Thanks, magicomminc. Can I assume that you use UDP encapsulation, or do you use TCP?

No prob. IPSec over UDP.
Thanks magicomminc,

I think I need a cheap VPN router at this end. When you said "behind a cheap ($45) linksys router with Cisco VPN client", you meant that you were running the CISCO VPN Client on all 8 PCs, didn't you? Would that work with the Microsoft VPN Client instead of the CISCO VPN Client?

TIA

Yes, all 8 PCs are W2K/XP with the Cisco VPN client. I haven't tried the MS VPN client yet; I think it should work the same way. I have that cheap Linksys router out there just as a short-term workaround, and it definitely works. I also enabled split-tunnel for them at head office, so while those PCs are VPNed in to head office, they can still access their local network resources, such as printers etc., not an ideally safe implementation...
If you are going to have a number of PCs at one location, a site-to-site VPN is a better choice; you don't have to deal with every PC to install VPN software. Also there is only ONE VPN tunnel between two locations (site-to-site), instead of each PC having to maintain its own VPN connection (remote access mode). One thing to be careful about is the VPN site address; make sure there is no overlap with head office. In terms of equipment, depending on traffic level, Cisco 1721/11, 831 or 1841 are good choices for about 15 people.
Thanks magicomminc,

Is the Linksys router you were talking about just an ADSL modem router or a VPN router (such as the RV042)? If it were a VPN router you would not need to run VPN client software on each XP box, and therefore I am assuming that the Linksys router you were talking about is just a plain ADSL modem router - what was the model of the router you were talking about (maybe it is superseded, but it will tell me whether we are on the same wavelength, talking about the same device/functionalities)?

TIA

Hello magicomminc - hope you are listening...

Thanks

lakshmanl
"I am assuming that the Linksys router you were talking about is just a plain ADSL modem router"
--Yes, it is a plain Netgear router, since the ISP provided a cable modem, and the model number is WGR614, but I am pretty sure that most Linksys/Netgear routers will do the job. In this case the VPN connection is between the individual PC and the concentrator, i.e. remote-access mode.
Hi magicomminc,

OK. Thanks.

Just confirming/summing up --- You were able to establish 8 simultaneous VPN "tunnels" on 8 Win XP+SP2 machines using the CISCO VPN Client (4.6.02) just through a Netgear WGR614?

If you say YES to the above I am going to award all the marks to you.

Was your concentrator a 3005 or a 3002 - it should not matter, I guess, but I am just inquisitive?

TIA
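
Added example, not part of the original thread: a simplified model of a port-translating router that shows why PPTP (GRE data channel) and plain IPsec (ESP) allow only one tunnel per type to the same concentrator, while IPsec over UDP lets every PC connect. The `NaiveNapt` class, the addresses and the UDP port are assumptions made for illustration; routers with "VPN passthrough" features that track extra fields behave differently.

```python
PORTLESS = {"gre", "esp"}   # IP protocols 47 and 50: no TCP/UDP port fields
ENCAP_UDP_PORT = 10000      # assumed sample port for IPsec-over-UDP
PEER = "203.0.113.10"       # constructed concentrator address

# Flows each tunnel type needs (control channel, then data channel).
FLOWS = {
    "pptp": [("tcp", 1723), ("gre", 0)],
    "ipsec-esp": [("udp", 500), ("esp", 0)],
    "ipsec-over-udp": [("udp", 500), ("udp", ENCAP_UDP_PORT)],
}

class NaiveNapt:
    """Hypothetical model of a basic port-translating SOHO router."""

    def __init__(self):
        self.sessions = {}      # reply key -> inside host
        self.next_port = 40000  # next free WAN-side source port

    def outbound(self, proto, inside_ip, port):
        """Create or reuse a mapping; False if another host already owns it."""
        if proto in PORTLESS:
            # No ports to rewrite: replies can be keyed only by protocol + peer.
            owner = self.sessions.setdefault((proto, PEER), inside_ip)
            return owner == inside_ip
        # Ported traffic gets a unique WAN port, so replies stay distinguishable.
        self.sessions[(proto, PEER, port, self.next_port)] = inside_ip
        self.next_port += 1
        return True

def tunnels_up(clients):
    """clients: list of (inside_ip, tunnel_type); returns hosts fully connected."""
    nat = NaiveNapt()
    up = []
    for ip, kind in clients:
        results = [nat.outbound(proto, ip, port) for proto, port in FLOWS[kind]]
        if all(results):
            up.append(ip)
    return up

if __name__ == "__main__":
    lan = ["192.168.1.%d" % n for n in range(2, 10)]   # constructed: 8 PCs
    for kind in FLOWS:
        print(kind, len(tunnels_up([(ip, kind) for ip in lan])))
```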
