I recently changed our ISP (from T1 to DSL) and our internal LAN (from 192.168.1.x to 192.168.201.x because a lot of employees were using the 192.168.1.x range on their home networks, which caused problems setting up VPNs). In this process, I changed from a Netopia router that handled our PPTP VPN tunnels to a Netgear FVS336G, which doesn't support internal PPTP (only PPTP pass-through).
Our Windows 2003 Small Business Server now handles the VPN tunnels, and I've added the PPTP service to the Netgear FVS336G's firewall so that it passes all PPTP traffic to the outside LAN port on our Win2003 SBS.
The Netgear FVS336G also handles several IPSEC tunnels with our offsite offices, which work fine.
I am having a problem, however, with the PPTP VPN tunnels. Users have no problem establishing a PPTP tunnel. However, it seems that they are getting intermittent failures. We use the PPTP VPNs primarily for a Remote Desktop Connection / RDC. I have a separate Win2003 server dedicated to the RDC. Most users can only hold an RDC connection for 1-5 minutes before they are disconnected. They have to close the VPN, reconnect the VPN, and re-open the RDC. Sometimes it works, sometimes it doesn't.
I've had a user try a ping from his home and ping the office gateway (192.168.201.1) and the inside/LAN side of the SBS (192.168.201.220) and packets are passed ok. When they ping the RDC server (192.168.201.142), packets usually don't go through. I can, however, RDC directly into the SBS as the admin and ping the RDC server from there (or anywhere else on the local network, or through any IPSEC tunnel).
I have a feeling that the problem may be between the Win2003 SBS that handles the PPTP tunnel and the Win2003 server that we use for RDCs. I think that the IP addresses used on the SBS may be contributing to the problem, but I'm not sure.
Netgear FVS336G (192.168.201.1) as router passing PPTP to Win2003 SBS outside LAN jack (192.168.201.5)
Win2003 SBS with outside LAN jack as 192.168.201.5 and inside LAN jack to 192.168.201.220. Gateway=192.168.201.1 (I know that this probably defeats the purpose of having 2 LAN jacks set up for being internal/external, but will this cause problems?).
Win2003 Server for RDC. Terminal Server Licensing also resides on this machine. IP 192.168.201.142; Gateway=192.168.201.1 (should the gateway be set to the Win2003 SBS / 192.168.201.220 instead?).