• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 472
  • Last Modified:

Is Double VPN connection with XP client, Win2003 VPN server possible?

We have a commercial program that downloads licenses from a license server.  We want to use this program from home by connecting to our company VPN server, but the ip addresses the company hands out don't work because the program only responds to license requests from ip addresses on the same subnet.  Unfortunately we aren't able to 'play' with the company VPN server.  
However, we have a second VPN server that we do control running on Windows2003.  We can't connect to our Win2003 VPN from home unless already connected to the company VPN (due to perimeter firewall).  Therefore, I think the remote user will need to make 2 VPN connections, 1 to the company VPN and then 1 more connection to our Win2003 VPN.  The second connection depends on the first connection.  Is this even possible?  Also, how to insure with a Windows XP laptop that it sends all packets out the interface of the second VPN connection?  Do you need to do route print on XP to view and modify the routing table?

We tried the double VPN connection but the XP laptop still couldn't get a license.  I think the problem is probably that it's sending the license request out the first VPN connection's interface.  It also may be that you can't have a double VPN connection when 1 connection depends on the other(not sure if Windows is smart enough to handle this, or if its even possible)

Let me know if you need more info.
Thanks for the help!
0
ShannonE
Asked:
ShannonE
  • 3
  • 3
1 Solution
 
ShannonEAuthor Commented:
It seems like for a double VPN connection, XP would have to create a packet using the ip address of the second connection, and encapsulate that packet in another packet using the ip address of the first VPN connection.  That's why I said I don't know if Windows is smart enough to do this
0
 
Netman66Commented:
The primary VPN server can be adjusted to hand out addresses from a "pool" which can be configured as local addresses rather than a different subnet.

You'll need to make this point to the people managing the VPN server so they can accommodate you otherwise you may find this next to impossible.

0
 
ShannonEAuthor Commented:
Due to company policies(politics) touching the primary VPN is not an option.  However, for the primary VPN connection, instead of getting it from a 'pool', can you right-click the VPN connection->Properties->Networking tab->Internet Protocol(TCP/IP)->Properties and change it from DHCP mode to a static ip address on the same subnet as the license server, thereby eliminating the need for the second VPN connection?
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
Netman66Commented:
You can try, but you would need to make an exclusion for the IPs you will use so it doesn't conflict with addresses that may be given out.

You'll have to test this.

0
 
ShannonEAuthor Commented:
I've got someone working from home tomorrow so we're going to try a few things.  Just wondering though why you say the double VPN setup is 'next to impossible'.  Do you know anyone who has tried it?
0
 
Netman66Commented:
How do you intend to use VPN twice?  From the client to the first server then how would you VPN the second time?  This would very likely require split tunnelling even if you could manage it and that would be a routing nightmare.

0

Featured Post

Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now