Solved

2 PC's connecting from the same location through VPN to the same W2K3 server

Posted on 2007-03-23
8
393 Views
Last Modified: 2009-12-16
I have a small remote office (2 PC's: PC-A and PC-B) that simultaneously need to connect to the server at the main office. Distance is about 8km ==> over the internet ==> vpn. Now, at the remote office I have Speedtouch 510 modem/router/4-port switch.
When I start up a vpn connection on PC-A to the main office it works fine. At that time I cannot, however, make a connection from PC-B to the main office - and vice versa. But I would really need both PC's to connect to the server at the main office at the same time. Any ideas? Or better still - concrete solutions?

Many thanks.
Bye. Michael.
0
Comment
Question by:Michael Borchardt
8 Comments
 
LVL 70

Expert Comment

by:KCTS
ID: 18783525
What you need is a site-to-site VPN.

Practice Lab at setting up site-to-site VPN http://www.microsoft.com/downloads/details.aspx?FamilyID=58a8b58a-5655-4cc1-9d6a-91119b54ae0a&DisplayLang=en
0
 
LVL 6

Expert Comment

by:brasslan
ID: 18783592
I'm guessing that at the moment PC-A & B are using a software VPN connection that handles the encryption to the Speedtouch.

I think you should be able to buy another VPN device to be the VPN endpoint for the remote office.  Then there would only be one VPN connection and you could have as many PC's as you want at the remote branch as you want.

The only concrete solution I can add would be to buy a Cisco Pix for both ends, or something from their new ASA line.  You can't go wrong with the versitility of a Cisco.  They will do everything except brew your coffee in the morning. :-)
0
 
LVL 7

Accepted Solution

by:
LimeSMJ earned 500 total points
ID: 18783715
The Speedtouch 510 does not support multiple VPN passthrough - that would be your problem.  There are a few solutions... usually dependent on how much you want to spend.  

If this branch office is small (you mentioned just 2 PCs) I would suggest buying a simple multi-VPN passthrough device like the D-Link DSL-2540B to replace your current Speedtouch 510.  Should you decide to keep your current DSL modem, you can buy other routers with the multiple VPN passthrough feature that don't have DSL modems built in (more selections to choose from).  Just note, however, should you keep your Speedtouch and buy a non-DSL modem router, you will need to make it a bridge to disable the routing within the device - otherwise you will have problems.

Going to tunnels or buying Cisco PIX devices woulld definitely be overkill for just two users who are connecting to the main office... nevermind the fact that every manufacturer, although they conform to industry VPN standards, often do not play nice.  With that in mind, should you decide to make a tunnel, your existing router/VPN server may have to be reconfigured - for just two users this may or may not be worth the effort.

Good luck.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18783825
You will likely need to go to a site to site VPN.
-In order use a local router that supports multiple VPN pass through connections, the VPN server end would also have to support NAT-T (Network Address Translation -Traversal). Since the advent of XP SP2, NAT-T between Windows 2003 and XP clients is no longer supported (without registry hacks).
-Using a site to site Windows VPN solution would require a server at the remote site, which is complicated and also very pricey.
-A pair of VPN routers such as the Cisco's suggested earlier (Pix units or the newer ASA5500 series) would be the ideal solution, but if there are budget restrictions, a simple pair of Linksys BEFVP41 routers for less than $100 each, would give you the capabilities you require, plus added security over the current configuration, and slightly better performance. If you wanted to add access for mobile users, stepping up to the Linksys RV042 or Netgear FVS318 would give you that added capability, still under $200 each.
0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 18783863
Just a comment..  you only need one Cisco VPN hardware appliance, and the Cisco Client..  you can configure the client for both PCs, one using TCP and one using UDP..  I manage over 50 of these for our remote offices and have no problem creating multiple VPN tunnels through these modems...
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18783967
Slick ! I like that!  :-)
Cheers,
--Rob
0
 
LVL 1

Author Comment

by:Michael Borchardt
ID: 18784638
Many thanks for all of your helpfull remarks and suggestions.

[1] -- I agree that site-to-site vpn would be an ideal solution. I've talked to managment about this before, but there are budget worries (you see, we're a small social profit organisation - without funds)

[2] -- However, I have a NetGear FVS114 laying around here. From what I read in LimeSMJ's post that could solve the issue I am facing here.
I would configure the Speedtouch 510 to run in Bridged Ethernet mode. Then hook up the FVS114 to the ST510 and have 4 ports available in the FVS114 for PC's to initiate a vpn connection to the server in the main office. Sound right?
I will give that a try this afternoon and let you know.

Many thanks.
Bye. MIchael.
0
 
LVL 1

Author Comment

by:Michael Borchardt
ID: 18786318
[1] I've set up the ST510 to run in Ethernet bridging mode. The easiest way to do this was to upload a config file, customized to my ISP.
[2] Hooked up the FVS114 as described above
[3] Works like a charm ... ahhh the smell of roses ...

Thank you everyone for your quick and adequate response!

Sincerely,
Bye. Michael.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Join & Write a Comment

I've written this article to illustrate how we can implement a Dynamic Multipoint VPN (DMVPN) with both hub and spokes having a dynamically assigned non-broadcast multiple-access (NBMA) network IP (public IP). Here is the basic setup of DMVPN Pha…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now