Solved

Is Double VPN connection with XP client, Win2003 VPN server possible?

Posted on 2006-07-10
Last Modified: 2012-06-21
We have a commercial program that downloads licenses from a license server. We want to use this program from home by connecting to our company VPN server, but the IP addresses the company hands out don't work because the program only responds to license requests from IP addresses on the same subnet. Unfortunately we aren't able to 'play' with the company VPN server.
However, we have a second VPN server that we do control running on Windows 2003. We can't connect to our Win2003 VPN from home unless already connected to the company VPN (due to perimeter firewall). Therefore, I think the remote user will need to make 2 VPN connections, 1 to the company VPN and then 1 more connection to our Win2003 VPN. The second connection depends on the first connection. Is this even possible? Also, how to ensure with a Windows XP laptop that it sends all packets out the interface of the second VPN connection? Do you need to do route print on XP to view and modify the routing table?

We tried the double VPN connection but the XP laptop still couldn't get a license. I think the problem is probably that it's sending the license request out the first VPN connection's interface. It also may be that you can't have a double VPN connection when 1 connection depends on the other (not sure if Windows is smart enough to handle this, or if it's even possible).

Let me know if you need more info.
Thanks for the help!
0
Question by:ShannonE
 
LVL 4

Author Comment

by:ShannonE
It seems like for a double VPN connection, XP would have to create a packet using the IP address of the second connection, and encapsulate that packet in another packet using the IP address of the first VPN connection. That's why I said I don't know if Windows is smart enough to do this.
0
 
LVL 51

Expert Comment

by:Netman66
The primary VPN server can be adjusted to hand out addresses from a "pool" which can be configured as local addresses rather than a different subnet.

You'll need to make this point to the people managing the VPN server so they can accommodate you; otherwise you may find this next to impossible.

0
 
LVL 4

Author Comment

by:ShannonE
Due to company policies (politics), touching the primary VPN is not an option. However, for the primary VPN connection, instead of getting it from a 'pool', can you right-click the VPN connection->Properties->Networking tab->Internet Protocol (TCP/IP)->Properties and change it from DHCP mode to a static IP address on the same subnet as the license server, thereby eliminating the need for the second VPN connection?
0
 
LVL 51

Expert Comment

by:Netman66
You can try, but you would need to make an exclusion for the IPs you will use so it doesn't conflict with addresses that may be given out.

You'll have to test this.

0
 
LVL 4

Author Comment

by:ShannonE
I've got someone working from home tomorrow so we're going to try a few things. Just wondering though why you say the double VPN setup is 'next to impossible'. Do you know anyone who has tried it?
0
 
LVL 51

Accepted Solution

by:
Netman66 earned 500 total points
How do you intend to use VPN twice?  From the client to the first server then how would you VPN the second time?  This would very likely require split tunnelling even if you could manage it and that would be a routing nightmare.

0
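
The routing question raised in this thread (which interface the license request leaves through when two VPN links are nested) can be modelled with a small route-lookup simulation. This is an added example, not part of the original thread: every address, interface name and metric, and the /16 route attributed to the first VPN, is a constructed assumption, and the lookup rule used is longest-prefix match with lowest metric as the tie-breaker.

```python
import ipaddress

# Constructed routing table (destination, interface, metric) for a laptop with
# both VPN links up. Every address, name and metric here is an assumption.
ROUTES = [
    ("0.0.0.0/0",        "lan",  30),  # home router
    ("0.0.0.0/0",        "vpn1", 20),  # company VPN default route
    ("0.0.0.0/0",        "vpn2", 10),  # second VPN default route
    ("198.51.100.10/32", "lan",  1),   # host route to company VPN server
    ("10.20.0.5/32",     "vpn1", 1),   # host route to second VPN server
    ("10.20.0.0/16",     "vpn1", 1),   # subnet route assumed added by first VPN
]
TUNNEL_SERVER = {"vpn1": "198.51.100.10", "vpn2": "10.20.0.5"}
LICENSE_SERVER = "10.20.1.50"

def pick_route(dest, routes):
    """Return the interface chosen by longest-prefix match, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    matches = [(ipaddress.ip_network(net), iface, metric)
               for net, iface, metric in routes
               if addr in ipaddress.ip_network(net)]
    if not matches:
        raise LookupError(f"no route to {dest}")
    return min(matches, key=lambda m: (-m[0].prefixlen, m[2]))[1]

def encapsulation_path(dest, routes, tunnels=TUNNEL_SERVER):
    """List the interfaces a packet traverses, innermost tunnel first."""
    path = []
    while True:
        iface = pick_route(dest, routes)
        if iface in path:  # tunnel would have to carry its own outer packets
            raise RuntimeError(f"routing loop via {iface}")
        path.append(iface)
        if iface not in tunnels:
            return path
        dest = tunnels[iface]  # outer packet is addressed to the VPN server

def with_host_route(routes, dest, iface):
    """Copy of the table with a /32 route for dest pinned to iface."""
    return routes + [(f"{dest}/32", iface, 1)]

if __name__ == "__main__":
    print(encapsulation_path(LICENSE_SERVER, ROUTES))
    pinned = with_host_route(ROUTES, LICENSE_SERVER, "vpn2")
    print(encapsulation_path(LICENSE_SERVER, pinned))
```

In this constructed table the more specific /16 route sends the license request out `vpn1`; pinning a host route to `vpn2` yields the nested `vpn2` inside `vpn1` inside `lan` path.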
