Solved

vpn error 800 when accessing sbs 2011

Posted on 2013-01-16
7
2,090 Views
Last Modified: 2013-12-02
I have a remote office with 10 users that are VPNing to our main office sbs2011 server.   the first 5 users have connected  fine.  When I attempt to connect the 6th remote client they get an error 800.  this laptop connected successfully yesterday, when I was setting the office up.  I haven't made any changes to it.  
Is there some setting on the sbs2011 server that has maxed out?  some setting I need to bump up to allow additional vpn tunnels?
0
Comment
Question by:TIGUETX
  • 4
  • 3
7 Comments
 
LVL 57

Expert Comment

by:Cliff Galiher
ID: 38785124
Did you set up the VPN service on SBS 2011 or are you using one provided by your router? Are you doing PPTP, L2TP, or SSTP? What kind of equipment is at your network's edge?
0
 

Author Comment

by:TIGUETX
ID: 38785345
Yes, I set up the VPN on SBS2011.  I brought the laptop home that was failing to connect Now that 3-4 off the other users have disconnected for the night. I can successfully vpn into the server.  got to be a limit setting on the server
0
 
LVL 57

Expert Comment

by:Cliff Galiher
ID: 38785394
You did not answer any of my other questions...
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 

Author Comment

by:TIGUETX
ID: 38785461
Sorry. PPTP and Comcast Business Class Routers at both ends running 27 down and 7 up  (Not at office, so I can't tell you the brand)

I was hoping to keep this simple, but some of the post on the subject seem to indicate that Multiple VPNs can put a major drain on the network and dedicated VPN routers at both ends creating the tunnel might be the way to go.

I have 2 Cisco rvs4000s gigabit routers with VPN ready to roll if i need them.
0
 

Author Comment

by:TIGUETX
ID: 38785462
also have avail static IPs at both ends
0
 
LVL 57

Accepted Solution

by:
Cliff Galiher earned 500 total points
ID: 38785481
PPTP uses GRE as part of the tunnel. Many consumer or lower end NAT devices will not handle more than a few GRE tunnels. After all, how many VPN sessions would the average home user have? So I suspect you are hitting a hard limit of the NAT device. 5 is a nice even number and not uncommon on Linksys and Netgear home/consumer routers.

I usually don't recommend using the provider's equipment as a router. Comcast should be able to provide you just a basic bridge device that does not do NAT and passes all traffic to another router/NAT device. Then you can use whatever you want and not be tied to the provider. For businesses, a basic UTM device is usually the most appropriate. Something like a SonicWall, Watchguard, Calyptix, etc. They will handle the NAT duties, routing duties, and provide *far* better security as well. Additionally they won't have a problem with more PPTP tunnels.

I should also mention that PPTP is really not secure anymore by modern standards. There are tools that can capture the keys and break them down relatively quickly. You should look at using a different VPN protocol if at all possible. I don't think you need to move from using SBS as the termination device so those Cisco's shouldn't be necessary. The RV series isn't exactly robust either, and I've had problems with them, but even if they did work they wouldn't be as secure as a good security device. The RVs are routers and NAT isn't a reliable security boundary. Cisco makes the ASA series for that. So with that in mind, I don't think deploying the routers would be an adequate solution. It may solve the *immediate* problem but it is ignoring the larger issue.
0
 

Author Comment

by:TIGUETX
ID: 38787176
After chasing my tail a bit, I learned that the 5 user ceiling I was hitting on my VPN clients was indeed a setting on my SBS 2011 server.  By default the VPN wizard on sbs2011 limits you to 5 ports.

here is a link to the answer:
http://www.sbsfaq.com/?p=3461

Thanks for your effort cgaligher
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I’m often asked about newer and larger USB drives connected to SBS2008 and 2011 failing Windows Server Backup vs the older USB drives not failing. As disk space continues to grow and drive technology change SBS2008 and some SBS2011 end up with the f…
If you are a user of the discontinued Microsoft Office Accounting 2008 (MSOA) and have to move to a new computer running Windows 8, you will be unhappy to discover that it won't install.  In particular, Microsoft SQL Server 2005 Express Edition (SSE…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question