Solved

PPTP base VPN as provided by microsoft server 2008 R2

Posted on 2013-01-16
2
475 Views
Last Modified: 2013-01-23
I have a PPTP based server at main location.
I have a Cisco Router running IOS 15.X at this location too.

I have a Cisco/Linksys E1000 at remote location.
When I connect a single client to the VPN at remote site it connects and performs well.
When I add a second client the first client and the second client no longer can pass traffic to main sites network.

When at different location that do not have Cisco/Linksys E1000 Firewall I can pass multiple clients to the VPN without any problems or disconnects.

Any ideas on how to correct?
0
Comment
Question by:johnanau
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 58

Accepted Solution

by:
Cliff Galiher earned 500 total points
ID: 38786365
First off, the E1000 is not a firewall. It is a basic consumer NAT router. They claim "firewall" because it does do packet-state but that is a far cry from a real firewall business device.

Most consumer routers won't handle more than one PPTP tunnel at a time. It is a limitation of the router, as they are designed for home use, not remote site locations. They simply don't have the networking stack to handle NATing more than one connection and they fall over. This is normally not an issue because a PPTP VPN would be set up in such a way that a user could connect to the network from home or a hotel room. There would not be multiple connections trying to run over the same router.

In a remote office scenario, however, an endpoint VPN tunnel is inefficient. Running multiple VPNs puts a lot of extra strain on the network and a lot of unnecessary encryption and negotiation happens. In such a scenario, you should be looking at a single site-to-site VPN. Then all endpoints at the remote branch will use the same VPN tunnel, so there is only one set of encryption/decryption points. Far more efficient on bandwidth and CPU load.

Maybe your Cisco router supports site-to-site. Maybe not. I know the E1000 does not though so you are looking at replacing or adding *at least* one device. If you really like your Cisco router, you may not need to replace it, just put a VPN device behind it (on one or both ends.) Look at site-to-site VPN appliances and add them to your networks as necessary and that'll solve your issue. But there is no way to get the PPTP VPN working the way you want with the topology and equipment you described.
0
 

Author Closing Comment

by:johnanau
ID: 38812885
Remains to be seen if load is too great.  Ive resolved the issue, but thank you for your response.
0

Featured Post

[Live Webinar] The Cloud Skills Gap

As Cloud technologies come of age, business leaders grapple with the impact it has on their team's skills and the gap associated with the use of a cloud platform.

Join experts from 451 Research and Concerto Cloud Services on July 27th where we will examine fact and fiction.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how to install and use the NTBackup utility that comes with Windows Server.
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
Suggested Courses

622 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question