Solved

Windows 7 VPN users can not connect simultaneously

Posted on 2010-09-03
Last Modified: 2012-08-14
Hello.

I have this issue.

SCENARIO:
I have a LAN (Windows Server 2008) with Windows 7 Professional computers. We are trying to connect 6 of our computers to a remote VPN.

I have a Juniper ScreenOS 6.2.0r6.0 firewall. VPN section has not been configured at all.

ISSUE:
Only one computer is able to connect to the VPN. No simultaneous connections are allowed. Basically the second computer would kick off the previous one connected. Once the "kicked off" computer gets disconnected, when retrying to reconnect, it would give an error:

Connecting to vpn.xxxxxxx.com using "WAN Miniport (L2TP)...
Error 800: The Remote Connection was not made because the attempted VPN tunnels failed.

Sometimes I would also get:

Error 619: A Connection to the remote computer could not be established so the port used for this connection was closed.

I've been googling up and down and there is not a clear solution to this. Even here in EX-EX I couldn't find a solution to my problem.

RANDOM THOUGHTS:
I checked the firewall and our policies do not restrict that port or service. Before we set up NEW everything (Servers, Firewalls and Desktop PCs) we were able to communicate perfectly fine. So if the issue is still the firewall, it has to do with allowing multiple connections through the same service/port/whatever.

Another interesting fact is that if one of these users connects from home, it would not have any issues and it wouldn't kick off the one connected from inside.

One more thing. Our intranet IP schema changed from 192.168..... to 10.10..... There might be a chance that the rule that they created for our previous IP schema (if they had one) is not being applied to our new schema anymore.

Has anyone been in my shoes before?

Thank you
Question by:acampos
10 Comments
 
LVL 2

Expert Comment

by:edwarneke
ID: 33601238
Typically for VPN connections you can only connect one tunnel per external IP address. This may vary based on your VPN software (whether it's MS built-in VPN software or a vendor such as Cisco's VPN solution).

Generally there are also issues if your local network has the same IP scheme as the destination network's internal network (i.e., both have 192.168.1.x schemas). When you try to talk to server 192.168.1.x, it thinks it's on your local network, so doesn't go out the VPN with that traffic.

You say it worked in the past, did anything change on the network you are VPNing into?
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 33603031
Which kind of VPN are you using? If it is PPTP, you need to enable the GRE Application Layer Gateway (via CLI command). And that ALG had several issues over the last two years (I'm in contact with Juniper Support every now and then because of that). 6.2.0r6 should be safe, we did not have issues with GRE on it.

Are you trying to connect all clients to the *same* remote gateway? As said by edwarneke, it depends on many factors if you are able to use multiple connections to the same gateway. Most do not allow that.
There are much better ways to allow for multiple users to use the same (PPTP or L2TP/IPSec) VPN, in particular if you have Windows Server 2003 or above (as you have). The Routing and RAS service there allows for on-demand dial-in and routing in combination with client NAT. That works great in our office.
0
 

Author Comment

by:acampos
ID: 33618796
Ok, it seems I didn't know how to explain myself.

We acquired a new company, in a different state. We are in GA, company in IN. In the old office, we were able to connect to the VPN from GA (simultaneous connections); we had like 6 people connected all the time. Our schema was 192.168.0.x

We moved to a new building. Good reason to upgrade 100% all of our equipment. We got Windows 7 for everybody and we got new DELL servers with Win2008 R2. We also have Juniper as a firewall. This is a new firewall though. Its VPN section is empty: not one tunnel, configuration, nothing. Our IP schema changed though. Now we have 10.10.6.x for our desktop PCs.

When these 6 employees tried to connect to the VPN, they were able to do so, but only one at a time. Next one would connect but would kick the previous person connected off.

There are things I don't know about the host I am trying to connect to, like the kind of VPN, for example, or how they have it configured over there. Supposedly there is a network administrator over there who is taking care of this thing for us. I am going to get on the phone with him in a couple of hours and try to figure out WHY we can only connect one at a time from the office IF at their end nothing changed. I am assuming that MAYBE our new IP schema is not set up in their firewall\RAS rules to allow us to have multiple connections....

I guess once I get on the phone I will have more info to share with you guys. But I wanted to make sure I wasn't making an obvious mistake on my side.

Is there anything I have to do in my firewall to allow OUTBOUND multiple connections to that VPN? We didn't have anything set up in the old building.

clueless so far...
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 33619002
If you have outgoing PPTP connections *crossing* the Juniper, you will definitely need the PPTP ALG.
0
 

Author Comment

by:acampos
ID: 33619065
Qlemo, excuse my ignorance on the subject. I am new to all this network thing. I am more a software developer. You mean by PPTP ALG that I should create a tunnel or something like that?

What exactly should I need to know from the other end (VPN server)?

Thank you
0
 
LVL 68

Accepted Solution

by:
Qlemo earned 500 total points
ID: 33619128
The simplest method to find out what is really used is to let one user connect to the VPN, and then look on that user's PC which ports are used (e.g. with netstat -n). If you see port 1723, it is PPTP, if it is 1721, it is L2TP with IPSec.
In addition or anyway, you can switch on PPTP ALG on your Juniper. Go into the WebUI, Security, ALG, and tick PPTP. Apply. After that, PPTP should work simultaneously.
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 33619138
BTW, your IP address change is not related to the issue, as long as you are not using the same subnet as the remote office. I don't think so, else you would have serious issues even when only one client is connected.
0
 
LVL 2

Expert Comment

by:edwarneke
ID: 33619183
Right, very much doubt it's the subnet since you can have one client on and have it work fine. The issue is probably based on PPTP limitations: without specific software/hardware to enable multiple connections from the same network to a VPN host, PPTP doesn't allow it. From what Qlemo says, though, you should be able to allow multiple connections with the Juniper device.
0
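
Why the second client knocks the first one off, as an added example that is not part of the original thread: a simplified Python model (not Juniper's implementation) of source NAT handling PPTP's GRE data channel with and without a PPTP ALG. The class names, addresses and Call ID values are constructed for illustration.

```python
"""Simplified model of source NAT for PPTP data traffic (GRE, IP protocol 47)."""

class PlainNat:
    """NAT with no PPTP awareness: GRE has no ports, so the only key
    available for return traffic is the remote server address."""
    def __init__(self):
        self.gre_by_server = {}

    def outbound_call(self, inside_ip, server_ip, call_id):
        # The newest inside host replaces the previous mapping for this server.
        self.gre_by_server[server_ip] = inside_ip
        return call_id  # Call ID passes through untouched

    def inbound_gre(self, server_ip, call_id):
        return self.gre_by_server.get(server_ip)

class AlgNat:
    """NAT with a PPTP ALG: it reads the Call ID negotiated on the TCP 1723
    control channel and keys GRE return traffic on (server, Call ID)."""
    def __init__(self):
        self.calls = {}
        self.next_id = 1

    def outbound_call(self, inside_ip, server_ip, call_id):
        # Rewrite to a NAT-unique Call ID so two clients that picked the
        # same value do not collide.
        public_id = self.next_id
        self.next_id += 1
        self.calls[(server_ip, public_id)] = (inside_ip, call_id)
        return public_id

    def inbound_gre(self, server_ip, call_id):
        entry = self.calls.get((server_ip, call_id))
        return entry[0] if entry else None

def simulate(nat, clients, server_ip="203.0.113.10"):
    """Each client opens a tunnel, then the server sends one GRE packet per
    tunnel. Returns {client: inside host that actually received the packet}."""
    ids = {c: nat.outbound_call(c, server_ip, call_id=1) for c in clients}
    return {c: nat.inbound_gre(server_ip, ids[c]) for c in clients}

CLIENTS = ["10.10.6.21", "10.10.6.22", "10.10.6.23"]  # constructed addresses

if __name__ == "__main__":
    print("no ALG  :", simulate(PlainNat(), CLIENTS))
    print("PPTP ALG:", simulate(AlgNat(), CLIENTS))
```

Without the ALG every tunnel's return traffic lands on the last client that connected, which matches the "kicked off" symptom; with it each client receives its own.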
 

Author Comment

by:acampos
ID: 33620691
Qlemo, you are the MAN!!!!

PPTP was unchecked...

Thank you so much. Get those 500 and add it up to your 2,268,691 points amassed so far :)

Thank you all for your time and concern on this thread.
0
 

Author Comment

by:acampos
ID: 33620713
By the way, now I have another issue. They can't print. Local printers are not showing up in the list. But I will research before I start a new thread. Bye and thank you all.
0
