How to enable VPN on my 2nd computer ?
Hello,
I'm using Microsoft's PPTP VPN to connect my network (which includes a Dlink DI-604 router) with remote computers.
All use Windows XP SP2.
Now - There are no problems when the remote computer establish a vpn connection to my network... (after enabling VPN Pass Through for PPTP and opening port 1723).
But when a second remote computer tries to establish a VPN connection with the same host - I get an error - saying that a VPN connection has already been established and that a second one can't be established...
OK, so I thought that I could open a second VPN server on the other computer on my network - but now - I have to open port 1723 for incoming connection (for the 2nd computer on my network) ... so I
have set additional port forwarding on my Virtual Server list on my router - and set it to :
Private port : 1723
Public port: 1800.
But when I try to connect with the VPN client to that computer in the following format for host name: "Hostname:1800" - I get an error# 800.
No other firewalls are present.
So I can't connect the 2nd remote computer to my VPN server.
Is there a way to by pass the problem ?
Additional questions:
I have also noticed internet inactivity and dramatic reduction in internet speed on the client side of the VPN connection - is this normal ? and is there a way to solve the problem by e.g reducing the MTU or using a different protocol (like IPSec).
I would also like to know whether other VPN's such as:
Symantec Enterprise VPN
Nortel
VPNRemote
PGP
SecureRemote
- do a better job than Microsoft's built-in VPN...
Thanks, Meir.
I'm using Microsoft's PPTP VPN to connect my network (which includes a Dlink DI-604 router) with remote computers.
All use Windows XP SP2.
Now - There are no problems when the remote computer establish a vpn connection to my network... (after enabling VPN Pass Through for PPTP and opening port 1723).
But when a second remote computer tries to establish a VPN connection with the same host - I get an error - saying that a VPN connection has already been established and that a second one can't be established...
OK, so I thought that I could open a second VPN server on the other computer on my network - but now - I have to open port 1723 for incoming connection (for the 2nd computer on my network) ... so I
have set additional port forwarding on my Virtual Server list on my router - and set it to :
Private port : 1723
Public port: 1800.
But when I try to connect with the VPN client to that computer in the following format for host name: "Hostname:1800" - I get an error# 800.
No other firewalls are present.
So I can't connect the 2nd remote computer to my VPN server.
Is there a way to by pass the problem ?
Additional questions:
I have also noticed internet inactivity and dramatic reduction in internet speed on the client side of the VPN connection - is this normal ? and is there a way to solve the problem by e.g reducing the MTU or using a different protocol (like IPSec).
I would also like to know whether other VPN's such as:
Symantec Enterprise VPN
Nortel
VPNRemote
PGP
SecureRemote
- do a better job than Microsoft's built-in VPN...
Thanks, Meir.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
>>"The CISCO851W costs about $380 and installation is $150 !!!"
Cisco's are a science of there own, and if you have no experience with them it may be a fairly daunting task. It is a very expensive and time consuming task to become a Cisco technician. $150 is actually a pretty good deal in my opinion. The advantage of you doing it is maintenance down the road. I haven't set up the Cisco units but they do have a graphical interface that may allow you to do so. I am afraid I am not much help with that part. You can purchase with your Cisco a SmartNet support contract which I highly recommend and they will help walk you through your configuration.
A Cisco VPN router will allow you to use the Cisco VPN client which is more secure than the Windows one. You can also use the Cisco router at the office to better secure it's network from the VPN clients, including not allowing split-tunneling (by default) which isolates the remote/client user from there own network while connected by VPN.
Be careful in selecting the Cisco units you wish to use. They have numerous license limits such as the number of local Internet users and the number of simultaneous VPN connections they will support. I am not familiar with the 850 series but in a quick read I saw a 5 VPN tunnel limit.
Cisco's are a science of there own, and if you have no experience with them it may be a fairly daunting task. It is a very expensive and time consuming task to become a Cisco technician. $150 is actually a pretty good deal in my opinion. The advantage of you doing it is maintenance down the road. I haven't set up the Cisco units but they do have a graphical interface that may allow you to do so. I am afraid I am not much help with that part. You can purchase with your Cisco a SmartNet support contract which I highly recommend and they will help walk you through your configuration.
A Cisco VPN router will allow you to use the Cisco VPN client which is more secure than the Windows one. You can also use the Cisco router at the office to better secure it's network from the VPN clients, including not allowing split-tunneling (by default) which isolates the remote/client user from there own network while connected by VPN.
Be careful in selecting the Cisco units you wish to use. They have numerous license limits such as the number of local Internet users and the number of simultaneous VPN connections they will support. I am not familiar with the 850 series but in a quick read I saw a 5 VPN tunnel limit.
ASKER
Thanks for your replies.
I have contacted my ISP technical support team, and they said - they will help me configure the router(since I buy it from them) ... I always like to do things myself so that when something goes wrong - I know what to do...
They said they will configure the router (with me) to work in sync with the router at the office, and only with it... no other router/client will be able to communicate with that Office Cisco router(for security reasons), and they might also need to upgrade the office router's OS to work with VPN.
VPN is a wonderful thing, I didn't get deep into it yet...there's still a long way for me to understand the encryption and certificates stuff... (I'm studying this subject).
The only downside with VPN that I have noticed is the slim upload that I get from my ISP... and which causes terrible delays in traffic. Since my connection to the internet is through ADSL on both sides of the tunnel - the Download speeds are quite good but the uploads are in no proportion very small. And I think that unlike surfing the internet - VPN requires a higher rate of upload (at least on the server's side though it would have been great if it was distributed 50/50 for either side of the tunnel).
Of course, I can ask my ISP to increase my upload speeds, but it will never be even half the download speed...it seems that with the current technology it is not possible to do so ? what's in your opinion should be the proper upload speed for normal communication on both sides of the tunnel ?
Thanks again for your help, now I understand much more about VPN...
I will just wait for your final reply before closing this thread.
Thanks, Meir.
I have contacted my ISP technical support team, and they said - they will help me configure the router(since I buy it from them) ... I always like to do things myself so that when something goes wrong - I know what to do...
They said they will configure the router (with me) to work in sync with the router at the office, and only with it... no other router/client will be able to communicate with that Office Cisco router(for security reasons), and they might also need to upgrade the office router's OS to work with VPN.
VPN is a wonderful thing, I didn't get deep into it yet...there's still a long way for me to understand the encryption and certificates stuff... (I'm studying this subject).
The only downside with VPN that I have noticed is the slim upload that I get from my ISP... and which causes terrible delays in traffic. Since my connection to the internet is through ADSL on both sides of the tunnel - the Download speeds are quite good but the uploads are in no proportion very small. And I think that unlike surfing the internet - VPN requires a higher rate of upload (at least on the server's side though it would have been great if it was distributed 50/50 for either side of the tunnel).
Of course, I can ask my ISP to increase my upload speeds, but it will never be even half the download speed...it seems that with the current technology it is not possible to do so ? what's in your opinion should be the proper upload speed for normal communication on both sides of the tunnel ?
Thanks again for your help, now I understand much more about VPN...
I will just wait for your final reply before closing this thread.
Thanks, Meir.
>>"they will help me configure the router(since I buy it from them) ... I always like to do things myself so that when something goes wrong - I know what to do..."
Agreed, good idea.
As for speeds, it depends on what you want to do. Download speeds are always <1/2 upload, but VPN's can work extremely well, and the VPN is not causing the slow speed, that is more the connection. Though VPN's have a little more overhead with encrypting and unencrypting, it is very minimal. File sharing works well over most VPN's but it is definitely slower. Where they really shine is using remote desktop to access your work computer to work remotely. The one thing that generally does not work well over a VPN is a standard database application such as Access and many accounting programs.
Agreed, good idea.
As for speeds, it depends on what you want to do. Download speeds are always <1/2 upload, but VPN's can work extremely well, and the VPN is not causing the slow speed, that is more the connection. Though VPN's have a little more overhead with encrypting and unencrypting, it is very minimal. File sharing works well over most VPN's but it is definitely slower. Where they really shine is using remote desktop to access your work computer to work remotely. The one thing that generally does not work well over a VPN is a standard database application such as Access and many accounting programs.
Thanks Meir,
--Rob
--Rob
ASKER
Since I already have A cisco router at work - I will purchase another one for home... (this time wireless...)
The CISCO851W costs about $380 and installation is $150 !!!
I think that $150 for the installation is an exaggeration...do you think so too ?
Could it be possible that with the manual that comes with the router - I could configure the router myself ?
In general securing & setting a VPN between two routers should be a simple job....
Could you explain the procedure for setting VPN between two routers or provide a link to a web site that explains the procedure... ?
Plus - will the VPN connection will degrade the internet performance on either side of the tunnel ? - are there any special adjustments needed for keeping the internet performance high ?
And are there any security measures that I need to take at home (since the router at home is going to be wireless ... the problem is not necessarily breaking the VPN code... but an unauthorized access to the Office VPN).
And anyways, your solution is good for non-mobile solutions... but since I'm gonna travel with my notebook - I will be forced to use a software client to connect to the Office VPN... will Cisco provide me with a suitable client or will I just use the XP's VPN client ?
Thanks again.