Solved

PPTP-based VPN as provided by Microsoft Server 2008 R2

Posted on 2013-01-16
Last Modified: 2013-01-23
I have a PPTP-based server at the main location.
I have a Cisco router running IOS 15.X at this location too.

I have a Cisco/Linksys E1000 at the remote location.
When I connect a single client to the VPN at the remote site, it connects and performs well.
When I add a second client, the first client and the second client can no longer pass traffic to the main site's network.

When at different locations that do not have a Cisco/Linksys E1000 firewall, I can pass multiple clients to the VPN without any problems or disconnects.

Any ideas on how to correct?
Question by:johnanau

Accepted Solution

by:
Cliff Galiher earned 1500 total points
ID: 38786365
First off, the E1000 is not a firewall. It is a basic consumer NAT router. They claim "firewall" because it does do packet-state but that is a far cry from a real firewall business device.

Most consumer routers won't handle more than one PPTP tunnel at a time. It is a limitation of the router, as they are designed for home use, not remote site locations. They simply don't have the networking stack to handle NATing more than one connection and they fall over. This is normally not an issue because a PPTP VPN would be set up in such a way that a user could connect to the network from home or a hotel room. There would not be multiple connections trying to run over the same router.

In a remote office scenario, however, an endpoint VPN tunnel is inefficient. Running multiple VPNs puts a lot of extra strain on the network and a lot of unnecessary encryption and negotiation happens. In such a scenario, you should be looking at a single site-to-site VPN. Then all endpoints at the remote branch will use the same VPN tunnel, so there is only one set of encryption/decryption points. Far more efficient on bandwidth and CPU load.

Maybe your Cisco router supports site-to-site. Maybe not. I know the E1000 does not, though, so you are looking at replacing or adding *at least* one device. If you really like your Cisco router, you may not need to replace it, just put a VPN device behind it (on one or both ends). Look at site-to-site VPN appliances and add them to your networks as necessary and that'll solve your issue. But there is no way to get the PPTP VPN working the way you want with the topology and equipment you described.
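An added illustration, not part of the original answer and not a description of the E1000's actual firmware: PPTP carries its data in GRE (IP protocol 47), which has no port numbers, so a NAT can only tell two tunnels to the same server apart by the GRE Call ID. The sketch assumes a router that tracks GRE by server IP only and compares it with one that tracks the Call ID; all addresses, Call IDs and class names are constructed.

```python
# Added illustration: simplified model of NATing PPTP's GRE data channel.
# All addresses and Call IDs are constructed; both routers are hypothetical.
SERVER = "203.0.113.10"                      # main-site PPTP server (constructed)
CLIENT_A, CLIENT_B = "192.168.1.10", "192.168.1.11"
CALL_IDS = {CLIENT_A: 0x0064, CLIENT_B: 0x00C8}


class IpOnlyNat:
    """Assumed consumer behaviour: GRE has no ports, so keep one slot per server."""
    def __init__(self):
        self.slot = {}
    def control(self, client, server, call_id):   # TCP 1723 setup, Call ID ignored
        pass
    def outbound_gre(self, client, server):
        self.slot[server] = client                # last sender overwrites the slot
    def inbound_gre(self, server, call_id):
        return self.slot.get(server)


class CallIdNat:
    """PPTP-aware behaviour: learn each Call ID from the control channel."""
    def __init__(self):
        self.calls = {}
    def control(self, client, server, call_id):
        self.calls[(server, call_id)] = client
    def outbound_gre(self, client, server):
        pass                                      # mapping already known
    def inbound_gre(self, server, call_id):
        return self.calls.get((server, call_id))


def simulate(nat, clients, rounds=4):
    """Return, per client, how many server replies reached the right LAN host."""
    delivered = {c: 0 for c in clients}
    for c in clients:
        nat.control(c, SERVER, CALL_IDS[c])
    for _ in range(rounds):
        for c in clients:                         # every client sends one packet
            nat.outbound_gre(c, SERVER)
        for c in clients:                         # server answers each call
            if nat.inbound_gre(SERVER, CALL_IDS[c]) == c:
                delivered[c] += 1                 # wrong host would drop it
    return delivered


if __name__ == "__main__":
    print("one client, IP-only NAT :", simulate(IpOnlyNat(), [CLIENT_A]))
    print("two clients, IP-only NAT:", simulate(IpOnlyNat(), [CLIENT_A, CLIENT_B]))
    print("two clients, Call-ID NAT:", simulate(CallIdNat(), [CLIENT_A, CLIENT_B]))
```

In this model the single slot goes to whichever client sent last, so the other client's replies are misdelivered; the model omits the Call ID rewriting a real PPTP helper needs when two clients pick the same Call ID.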
 

Author Closing Comment

by:johnanau
ID: 38812885
Remains to be seen if load is too great. I've resolved the issue, but thank you for your response.
Question has a verified solution.
