AXISTechnology

VPN/Remote access issues

Hello Board,

I am having issues implementing a viable solution for my client to access data located at an offsite location. Here are some of the details.

Network1
Verizon DSL connection using a newly replaced Westell 7500 modem in bridge mode
Linksys WRVS4400N wireless router
Three Dell Power switches
Dell 4900 server running Windows SBS 2003 R2, DHCP, DNS, all patches and updates in place (Server1)
**5 laptops that need to access mail and data from Server2 on Network2. Outlook configured with the FQDN of Exchange on Server2 and mapped drives to the IP addresses of Server2.

Network2
Verizon DSL connection using a new Westell 7500 modem in bridge mode
Dell 2900 server running SBS 2003 R2, Exchange, DHCP, DNS, RAS, all patches and updates in place

The objective is to provide access for the 5 laptops to access Exchange and Data from Server2 on Network2. This is what I have tried without success:

1. Enable Bridge/router option on DSL Modem2 and configure port forwarding for 1723 and 500 to IP address of Server2. Create client VPN connections on the laptops to connect to Server2.
RESULTS: first laptop connects and operates fine, but as additional laptops open the VPN connections, the response times slow and the 3rd and 4th laptops are not able to connect at all.

2. Install second Linksys WRVS4400N on Network2. Place Modem2 in bridge mode. Create VPN passthrough tunnel between the two routers.
RESULTS: laptops connect and sync OK to server but VPN tunnel only stays online for short times. Eventually, the VPN tunnel would not even connect so I removed Router2 and implemented the next option (#3).

3. Remove Router2, connect Modem2 to Server2 and configure Windows firewall services. Assign public IP address to NIC1 and allow only SMTP, VPN, TS services. ISA has not been installed. Configure laptops with Windows VPN client. The plan was to test the response times with no additional devices connected. If everything is fine, install ISA. I realize the security consequences of this configuration.
RESULTS: similar to results in 1st option.

Additional steps that I have performed.
1. Removed/installed updated Broadcom drivers on Server2
2. Installed updated firmware on both Linksys routers
3. Configured DNS forwarding between the two networks
4. Verified line speeds with Verizon, many, many times. We are provisioned 7.1M/768K. When I run speed tests, the numbers vary a lot, but even when the numbers are low, Verizon swears that they are clean.

I have spent hours if not days on the phone with Dell, Microsoft, Cisco and Verizon. Site to site configurations are not my forte and there may be something that I am overlooking, maybe we are asking for too much of 2 DSL lines. Eventually, the server and laptops will be on the same network, so installing a dedicated T1 line is not a feasible business option.

I have found a few forums that discuss the slow performance of the Linksys WRVS4400N. If someone can make a recommendation for a different router with wireless and VPN passthrough capabilities, that would be great. The only thing that I have NOT swapped out yet is Router1.

Thank you in advance for any and all suggestions.


ASKER CERTIFIED SOLUTION
Steven Vona
AXISTechnology

ASKER

Savone,

Thanks for the comment. Bandwidth was definitely a consideration but was something that I was not able to prove. Questions that are still outstanding in this regard:
1. Is there a tool that can test bandwidth/data traffic between two points?
2. Would a lack of bandwidth actually force a VPN tunnel to drop or just bottleneck? Scenario #2 was created over the weekend when no one was in the office so there was no traffic between the two locations.
3. How do I calculate how much bandwidth is needed in order to implement a solution such as this?

I am going to configure each Outlook client with HTTP/RPC connectivity to the Exchange server. I'll copy the personal folders to each laptop for local access and then share the company folder on one of the laptops. I realize that this is a rudimentary solution but at this point is a necessary one.

There were additional issues that needed to be addressed with this project that I will definitely consider if I try something like this again. I hope this basic prep list saves someone else time in their project:
1. Update the drivers for all NIC cards that are involved in the connection.
2. Upgrade the routers' firmware to the latest version.
3. Download and upload speeds can be tested at DSLReports.com
4. Refer to YOURSBSSERVER/remote for server names and configuration info when configuring Outlook with HTTP/RPC.
5. Linksys recommends MTU setting of 1492 (at least for this router model)
6. Westell 7500 routers do not pass GRE protocol when placed in Bridge/Router mode - GRE is necessary for SSL authentication.


 
Thank you for your help on this. After reviewing and over-analyzing every possibility, I finally advised the client that there was not enough up bandwidth on the offsite location.