• Status: Solved

PPTP-based VPN as provided by Microsoft Server 2008 R2

I have a PPTP-based server at the main location.
I have a Cisco router running IOS 15.X at this location too.

I have a Cisco/Linksys E1000 at the remote location.
When I connect a single client to the VPN at the remote site, it connects and performs well.
When I add a second client, the first client and the second client can no longer pass traffic to the main site's network.

When at different locations that do not have a Cisco/Linksys E1000 firewall, I can pass multiple clients to the VPN without any problems or disconnects.

Any ideas on how to correct?
1 Solution
Cliff Galiher Commented:
First off, the E1000 is not a firewall. It is a basic consumer NAT router. They claim "firewall" because it does do packet-state but that is a far cry from a real firewall business device.

Most consumer routers won't handle more than one PPTP tunnel at a time. It is a limitation of the router, as they are designed for home use, not remote site locations. They simply don't have the networking stack to handle NATing more than one connection and they fall over. This is normally not an issue because a PPTP VPN would be set up in such a way that a user could connect to the network from home or a hotel room. There would not be multiple connections trying to run over the same router.

In a remote office scenario, however, an endpoint VPN tunnel is inefficient. Running multiple VPNs puts a lot of extra strain on the network and a lot of unnecessary encryption and negotiation happens. In such a scenario, you should be looking at a single site-to-site VPN. Then all endpoints at the remote branch will use the same VPN tunnel, so there is only one set of encryption/decryption points. Far more efficient on bandwidth and CPU load.

Maybe your Cisco router supports site-to-site. Maybe not. I know the E1000 does not though so you are looking at replacing or adding *at least* one device. If you really like your Cisco router, you may not need to replace it, just put a VPN device behind it (on one or both ends.) Look at site-to-site VPN appliances and add them to your networks as necessary and that'll solve your issue. But there is no way to get the PPTP VPN working the way you want with the topology and equipment you described.
johnanau (Author) Commented:
Remains to be seen if load is too great. I've resolved the issue, but thank you for your response.
Question has a verified solution.
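
The limitation discussed in the answer above, as an added example that is not part of the original thread: PPTP carries its data in GRE (IP protocol 47), which has no port numbers, so a NAT device can only tell two tunnels to the same server apart by the 16-bit Call ID in the GRE header. The model below is an assumption about one common failure mode, not the E1000's firmware; the addresses, class names and Call ID values are constructed.

```python
"""Model of NAT demultiplexing for inbound PPTP data packets (GRE, IP protocol 47)."""

SERVER = "203.0.113.10"                      # constructed address (documentation range)
CLIENTS = ["192.168.1.10", "192.168.1.11"]   # constructed LAN clients


class NaiveGreNat:
    """Keeps one GRE mapping per remote server, ignoring the Call ID."""

    def __init__(self):
        self.by_server = {}

    def register_call(self, client_ip, server_ip, call_id):
        self.by_server[server_ip] = client_ip   # a second tunnel overwrites the first
        return call_id

    def inbound(self, server_ip, call_id):
        return self.by_server.get(server_ip), call_id


class CallIdGreNat:
    """Keys GRE on (server, Call ID) and rewrites a colliding Call ID."""

    def __init__(self):
        self.by_call = {}   # (server_ip, public_call_id) -> (client_ip, client_call_id)

    def register_call(self, client_ip, server_ip, call_id):
        public_id = call_id
        while (server_ip, public_id) in self.by_call:
            public_id = (public_id + 1) % 65536     # Call ID is a 16-bit field
        self.by_call[(server_ip, public_id)] = (client_ip, call_id)
        return public_id

    def inbound(self, server_ip, call_id):
        return self.by_call.get((server_ip, call_id), (None, call_id))


def deliveries(nat, client_call_id=1):
    """Open one tunnel per client, then return where each tunnel's inbound GRE lands."""
    public_ids = [nat.register_call(c, SERVER, client_call_id) for c in CLIENTS]
    return [nat.inbound(SERVER, pid)[0] for pid in public_ids]


if __name__ == "__main__":
    print("naive NAT:   ", deliveries(NaiveGreNat()))
    print("Call-ID NAT: ", deliveries(CallIdGreNat()))
```

With the naive table, return traffic for both tunnels is handed to whichever client connected last; a site-to-site tunnel avoids the problem because the NAT only ever sees one tunnel.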
