?
Solved

multiple VPN tunnels through a single ADSL connection

Posted on 2005-05-10
19
Medium Priority
?
1,895 Views
Last Modified: 2008-01-09

I have an ADSL connection and which provides internet/outside connectivity to some 15 Windows XP (SP2) dkstops. They are all connected to the ADSL through a switch. I can establish only one VPN tunnel to our corporate network by setting up a VPN connection in Windows XP. I need to get multiple users access to the corporate network through multiple sessions (tunnels) simultaneoulsy. I have tried wirh two modems, one Netgear and the other NetComm. Is this limitation comes from the ADSL connection or from the ADSL modem router I am using. I am based in Australia. I have asked a couple of service providers and they have not given me a definitive answer.  

TIA.
0
Comment
Question by:lakshmanl
  • 8
  • 7
  • 4
19 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 13967823
>from the ADSL modem router I am using
Most SOHO routers will only support one VPN tunnel at a time. Even the ones that are advertised as supporting multiple VPN's, only support them if they all go to different end points. Since all of yours would go to the same endpoint, I would suggest simply setting up lan-lan tunnels between your dsl router and the end point. You may have to switch to a VPN-endpoint capable router. Linksys has several models to choose from.
What is the VPN endpoint? Is it a Windows server, or IPSEC device?

0
 

Author Comment

by:lakshmanl
ID: 13993258
The end point is on CISCO VPN Concentrator. So therefore, it must be going different end points, if I understood correctly what you meant by "endpoints"


Thanks



0
 
LVL 79

Expert Comment

by:lrmoore
ID: 14000281
OK, so you want many users on your local LAN to all connect to the same Cisco VPN concentrator at the corporate network?
Probably not going to happen.
My suggestion would be to buy a router that is capable of creating a site-to-site or Lan-to-Lan VPN tunnel instead of multiple clients.
0
What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

 
LVL 6

Expert Comment

by:magicomminc
ID: 14004961
"Is this limitation comes from the ADSL connection or from the ADSL modem router I am using."
--it is the ADSL modem router, which doesn't handle IPSec DES/3DES well.
are you using Cisco VPN client on your XP machines? if yes, try this:
open Cisco VPN client, right click VPN profile-->modify-->Transport tab-->check "Enable Transparent Tunneling", "IPSec over UDP (NAT/PAT)".
Make sure at CISCO VPN Concentrator side, that "IPSec over UDP" is enabled as well. you also need latest version of VPN client from Cisco for XP w/sp2.

0
 

Author Comment

by:lakshmanl
ID: 14009355
I am using the "VPN Client" which comes with Windows XP itseld, not the CISCO VPN Clint. I think our corporate VPN concentrator accepts only PPTP connections (We have confgured Windows XP VPNing over PPTP. If I select the option "L2TP IPSec VPN, it complains about not bein able to connect).

My ADSL/Modem router is not CISCO. Can I still run a CISCSCO VPN client on a Windows XP machine sitting behind a non-CISCO ADSL Modem/router box. If yes, is there any particular version?

TIA

0
 
LVL 6

Expert Comment

by:magicomminc
ID: 14013314
"My ADSL/Modem router is not CISCO. Can I still run a CISCSCO VPN client on a Windows XP machine sitting behind a non-CISCO ADSL Modem/router box. If yes, is there any particular version?"
--yes, you can. you need at least Cisco VPN client 4.6.02 for xp w/sp2.
I also suggest to use IPSec DES/3DES protocol since you already got a Cisco concentrator at corperate.
0
 

Author Comment

by:lakshmanl
ID: 14015337
I could noyt locate VPN Client 4.6.02 in the CISCO website. I could locate only 4.6 and then VPN 5000 client. I is not entirely clear in the documentation whether VPN Client 5000 works with a 300x concentrator though.

I will give a shot at both and see how it goes. One thing though, I can not select L2TP IPSec when using Microsoft Windows XP VPN client- it will not talk to the concentrator unless I selecct PPTP.

TIA
0
 
LVL 6

Expert Comment

by:magicomminc
ID: 14015894
here is the url for latest VPN client, you will need CCO from Cisco to access it:
http://www.cisco.com/cgi-bin/tablebuild.pl/vpnclient-3des
As I suggested, try IPSec 3DES, it's more secure and well implemented specialy when you got Cisco Concentrator at the other end.
BTW: do you know the model number and OS version?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 14017513
You're still going to end up with the same problem. Only one VPN tunnel of each type, whether you use Microsoft PPTP or Cisco IPSEC, can be connected from your location to the same VPn3000 concentrator at the same time. You could have two, one PPTP and one IPSEC, but that won't serve all 15 workstations.
You *really* need to swap out  your local router for one that is capable of creating a lan-lan tunnel with the VPN 3000. I suggest a Linksys RV042 for around $175
Do you control the VPN3000? If not, it may not even be setup to allow you to use the Cisco client.
0
 
LVL 6

Expert Comment

by:magicomminc
ID: 14020176
I have a Cisco concentrator 3005 at head office, and at one remote location with 8 PCs all behind a cheap ($45) linksys router with Cisco VPN client, all PCs are VPNed to head office at SAME time, no problem.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 14020777
Thanks, magicomminc. Can I assume that you use UDP encapsulation, or do you use TCP?

0
 
LVL 6

Expert Comment

by:magicomminc
ID: 14020832
no prob. IPSec over UDP.
0
 

Author Comment

by:lakshmanl
ID: 14043064
Thanks magiccomminc,

I think I need a cheap VPN router at this end. When you said "behind a cheap ($45) linksys router with Cisco VPN client", you meant that you were running CISCO VPN Client on all 8 PCs -  Aren't you?  Would that work with the Microsoft VPN Client instead of the CISCO VPN Client?

TIA

0
 
LVL 6

Expert Comment

by:magicomminc
ID: 14048073
Yes, all 8 PCs are w2k/xp with Cisco VPN client, haven't try MS VPN client yet, I think it should work same way. I have that cheap linksys router out there just for short time work around, it definetly works. I also enabled split-tunnel for them at head office, while those PC VPNed in head office, they still can access their local network resources, such as printers etc., not ideally safe implementation...
If you are going to have a number of PCs at one location, a site-to-site VPN is a better choice, you don't have to deal with every PC to install VPN software. Also there is only ONE VPN tunnel between two locations (site-to-site), instead of each PC must maintain their own VPN connection (remote access mode). One thing need to be careful is the VPN site address, make sure no overlapping with head office. In terms of equipment, depends on traffic level, cisco 1721/11, 831 or 1841 are good choice for about 15 people.
0
 

Author Comment

by:lakshmanl
ID: 14073542
Thanks magiccomminc,

Is the linksys router you were  talking about is just a ADSL modem router or a VPN router (such as RV042). If it is a VPN router you would not need to run a VPN c software on each XP box and therefore I am assuming that the Linksys router you were  talking about is just a plain ADSL mdem router -  whtat was the model of the router you were talking about ( may be it is superceded but it will tell me whether we are at the same wavelength talking about the same device/functionalities).

TIA

0
 

Author Comment

by:lakshmanl
ID: 14092103
Hello magiccommnic -  hope you are listening...

Thanks

lakshmanl
0
 
LVL 6

Expert Comment

by:magicomminc
ID: 14103895
"I am assuming that the Linksys router you were  talking about is just a plain ADSL mdem router"
--yes, it is a plain netgear router since ISP provided a Cable modem and the model number is: wgr614, but I am pretty sure that most linksys/netgear will do the job. In this case VPN connection is between individual PC and concentrator, IE remote-access mode.
0
 

Author Comment

by:lakshmanl
ID: 14103911
Hi magicomminc,

OK. Thanks.  

Just confirming/summing up --- You were able to establish 8 simultaneous VPN "tunnles" on 8 Win XP+SP2  machines uisng CISCO VPN Client (4.6.02) just through a Neetgear WGR614?

If you say YES to  the above I am going to award all the marks to you.

Was your concentrator 3005 or 3002  -  should not matter, I guess,  but just inquisitive?

TIA

0
 
LVL 6

Accepted Solution

by:
magicomminc earned 2000 total points
ID: 14103922
yes, that is exactly what I have for more than one locations: 8 simultaneous VPN "tunnles" on 8 Win XP+SP2  machines uisng CISCO VPN Client (4.6.02) just through a Neetgear WGR614! and I am very sure this is not something new and many linksys/netgear will work fine since I do have different models in other locations but they are all the saome kind (class, about $70).
My cisco concentrator is 3005 with 64MB RAM, 3002 is actually a hardware VPN client, not a concentrator.
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Like many others, when I created a Windows 2008 RRAS VPN server, I connected via PPTP, and still do, but there are problems that can arise from solely using PPTP.  One particular problem was that the CFO of the company used a Virgin Broadband Wirele…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Suggested Courses
Course of the Month14 days, 1 hour left to enroll

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question