2 PC's connecting from the same location through VPN to the same W2K3 server
I have a small remote office (2 PC's: PC-A and PC-B) that simultaneously need to connect to the server at the main office. Distance is about 8km ==> over the internet ==> vpn. Now, at the remote office I have Speedtouch 510 modem/router/4-port switch.
When I start up a vpn connection on PC-A to the main office it works fine. At that time I cannot, however, make a connection from PC-B to the main office - and vice versa. But I would really need both PC's to connect to the server at the main office at the same time. Any ideas? Or better still - concrete solutions?
Many thanks.
Bye. Michael.
When I start up a vpn connection on PC-A to the main office it works fine. At that time I cannot, however, make a connection from PC-B to the main office - and vice versa. But I would really need both PC's to connect to the server at the main office at the same time. Any ideas? Or better still - concrete solutions?
Many thanks.
Bye. Michael.
I'm guessing that at the moment PC-A & B are using a software VPN connection that handles the encryption to the Speedtouch.
I think you should be able to buy another VPN device to be the VPN endpoint for the remote office. Then there would only be one VPN connection and you could have as many PC's as you want at the remote branch as you want.
The only concrete solution I can add would be to buy a Cisco Pix for both ends, or something from their new ASA line. You can't go wrong with the versitility of a Cisco. They will do everything except brew your coffee in the morning. :-)
I think you should be able to buy another VPN device to be the VPN endpoint for the remote office. Then there would only be one VPN connection and you could have as many PC's as you want at the remote branch as you want.
The only concrete solution I can add would be to buy a Cisco Pix for both ends, or something from their new ASA line. You can't go wrong with the versitility of a Cisco. They will do everything except brew your coffee in the morning. :-)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You will likely need to go to a site to site VPN.
-In order use a local router that supports multiple VPN pass through connections, the VPN server end would also have to support NAT-T (Network Address Translation -Traversal). Since the advent of XP SP2, NAT-T between Windows 2003 and XP clients is no longer supported (without registry hacks).
-Using a site to site Windows VPN solution would require a server at the remote site, which is complicated and also very pricey.
-A pair of VPN routers such as the Cisco's suggested earlier (Pix units or the newer ASA5500 series) would be the ideal solution, but if there are budget restrictions, a simple pair of Linksys BEFVP41 routers for less than $100 each, would give you the capabilities you require, plus added security over the current configuration, and slightly better performance. If you wanted to add access for mobile users, stepping up to the Linksys RV042 or Netgear FVS318 would give you that added capability, still under $200 each.
-In order use a local router that supports multiple VPN pass through connections, the VPN server end would also have to support NAT-T (Network Address Translation -Traversal). Since the advent of XP SP2, NAT-T between Windows 2003 and XP clients is no longer supported (without registry hacks).
-Using a site to site Windows VPN solution would require a server at the remote site, which is complicated and also very pricey.
-A pair of VPN routers such as the Cisco's suggested earlier (Pix units or the newer ASA5500 series) would be the ideal solution, but if there are budget restrictions, a simple pair of Linksys BEFVP41 routers for less than $100 each, would give you the capabilities you require, plus added security over the current configuration, and slightly better performance. If you wanted to add access for mobile users, stepping up to the Linksys RV042 or Netgear FVS318 would give you that added capability, still under $200 each.
Just a comment.. you only need one Cisco VPN hardware appliance, and the Cisco Client.. you can configure the client for both PCs, one using TCP and one using UDP.. I manage over 50 of these for our remote offices and have no problem creating multiple VPN tunnels through these modems...
Slick ! I like that! :-)
Cheers,
--Rob
Cheers,
--Rob
ASKER
Many thanks for all of your helpfull remarks and suggestions.
[1] -- I agree that site-to-site vpn would be an ideal solution. I've talked to managment about this before, but there are budget worries (you see, we're a small social profit organisation - without funds)
[2] -- However, I have a NetGear FVS114 laying around here. From what I read in LimeSMJ's post that could solve the issue I am facing here.
I would configure the Speedtouch 510 to run in Bridged Ethernet mode. Then hook up the FVS114 to the ST510 and have 4 ports available in the FVS114 for PC's to initiate a vpn connection to the server in the main office. Sound right?
I will give that a try this afternoon and let you know.
Many thanks.
Bye. MIchael.
[1] -- I agree that site-to-site vpn would be an ideal solution. I've talked to managment about this before, but there are budget worries (you see, we're a small social profit organisation - without funds)
[2] -- However, I have a NetGear FVS114 laying around here. From what I read in LimeSMJ's post that could solve the issue I am facing here.
I would configure the Speedtouch 510 to run in Bridged Ethernet mode. Then hook up the FVS114 to the ST510 and have 4 ports available in the FVS114 for PC's to initiate a vpn connection to the server in the main office. Sound right?
I will give that a try this afternoon and let you know.
Many thanks.
Bye. MIchael.
ASKER
[1] I've set up the ST510 to run in Ethernet bridging mode. The easiest way to do this was to upload a config file, customized to my ISP.
[2] Hooked up the FVS114 as described above
[3] Works like a charm ... ahhh the smell of roses ...
Thank you everyone for your quick and adequate response!
Sincerely,
Bye. Michael.
[2] Hooked up the FVS114 as described above
[3] Works like a charm ... ahhh the smell of roses ...
Thank you everyone for your quick and adequate response!
Sincerely,
Bye. Michael.
Practice Lab at setting up site-to-site VPN http://www.microsoft.com/downloads/details.aspx?FamilyID=58a8b58a-5655-4cc1-9d6a-91119b54ae0a&DisplayLang=en