Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


vpn error 800 when accessing sbs 2011

Posted on 2013-01-16
Medium Priority
Last Modified: 2013-12-02
I have a remote office with 10 users that are VPNing to our main office sbs2011 server.   the first 5 users have connected  fine.  When I attempt to connect the 6th remote client they get an error 800.  this laptop connected successfully yesterday, when I was setting the office up.  I haven't made any changes to it.  
Is there some setting on the sbs2011 server that has maxed out?  some setting I need to bump up to allow additional vpn tunnels?
Question by:TIGUETX
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
LVL 59

Expert Comment

by:Cliff Galiher
ID: 38785124
Did you set up the VPN service on SBS 2011 or are you using one provided by your router? Are you doing PPTP, L2TP, or SSTP? What kind of equipment is at your network's edge?

Author Comment

ID: 38785345
Yes, I set up the VPN on SBS2011.  I brought the laptop home that was failing to connect Now that 3-4 off the other users have disconnected for the night. I can successfully vpn into the server.  got to be a limit setting on the server
LVL 59

Expert Comment

by:Cliff Galiher
ID: 38785394
You did not answer any of my other questions...
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.


Author Comment

ID: 38785461
Sorry. PPTP and Comcast Business Class Routers at both ends running 27 down and 7 up  (Not at office, so I can't tell you the brand)

I was hoping to keep this simple, but some of the post on the subject seem to indicate that Multiple VPNs can put a major drain on the network and dedicated VPN routers at both ends creating the tunnel might be the way to go.

I have 2 Cisco rvs4000s gigabit routers with VPN ready to roll if i need them.

Author Comment

ID: 38785462
also have avail static IPs at both ends
LVL 59

Accepted Solution

Cliff Galiher earned 2000 total points
ID: 38785481
PPTP uses GRE as part of the tunnel. Many consumer or lower end NAT devices will not handle more than a few GRE tunnels. After all, how many VPN sessions would the average home user have? So I suspect you are hitting a hard limit of the NAT device. 5 is a nice even number and not uncommon on Linksys and Netgear home/consumer routers.

I usually don't recommend using the provider's equipment as a router. Comcast should be able to provide you just a basic bridge device that does not do NAT and passes all traffic to another router/NAT device. Then you can use whatever you want and not be tied to the provider. For businesses, a basic UTM device is usually the most appropriate. Something like a SonicWall, Watchguard, Calyptix, etc. They will handle the NAT duties, routing duties, and provide *far* better security as well. Additionally they won't have a problem with more PPTP tunnels.

I should also mention that PPTP is really not secure anymore by modern standards. There are tools that can capture the keys and break them down relatively quickly. You should look at using a different VPN protocol if at all possible. I don't think you need to move from using SBS as the termination device so those Cisco's shouldn't be necessary. The RV series isn't exactly robust either, and I've had problems with them, but even if they did work they wouldn't be as secure as a good security device. The RVs are routers and NAT isn't a reliable security boundary. Cisco makes the ASA series for that. So with that in mind, I don't think deploying the routers would be an adequate solution. It may solve the *immediate* problem but it is ignoring the larger issue.

Author Comment

ID: 38787176
After chasing my tail a bit, I learned that the 5 user ceiling I was hitting on my VPN clients was indeed a setting on my SBS 2011 server.  By default the VPN wizard on sbs2011 limits you to 5 ports.

here is a link to the answer:

Thanks for your effort cgaligher

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

My previous article  ( one possible method to get SCCM 2007 installed an…
I've often see, or have been asked, the question about the difference between the Exchange 2010 SP1 version, available as part of Small Business Server (SBS) 2011, and the “normal” Exchange 2010 SP1 Standard. The answer to the question is relativ…
Video by: ITPro.TV
In this episode Don builds upon the troubleshooting techniques by demonstrating how to properly monitor a vSphere deployment to detect problems before they occur. He begins the show using tools found within the vSphere suite as ends the show demonst…
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question