PPTP VPN through an IPSEC VPN

mlick2

Hi,

I currently have a remote office that is connected back to our
headquarters using an IPSEC VPN. This VPN is a managed service using a
Netgate 7100 on the remote side and a Cisco3k at the main site.

Users at the remote site connect to a business partner using a PPTP
VPN. When they enable "Use default gateway on remote network", there
are no problems and the connection occurs immediately. However, when
this setting is disabled, the connection takes sometimes up to ten
minutes to connect. Unfortunately, the users need to have their local
access while connected to the VPN.

I have packet captures of the connection attempts if that helps.
Basically, I see the user workstation sending a FIN/ACK and then a RST
packet. This happens for every connection attempt until the connection
is finally made. Once the connection is made, it does not drop and
there are no problems.

Any comments or suggestions will be greatly appreciated.

Thank you in advance,
Matt
 
mlick2

Forgot to note that the user workstations are running Windows 2000 SP4.
This has also been tested with XP SP1 with the same results. Also,
the PPTP connection works fine from our main campus.
 
Phillip Windell

mlick2 said:
I currently have a remote office that is connected back to our
headquarters using an IPSEC VPN. This VPN is a managed service using a
Netgate 7100 on the remote side and a Cisco3k at the main site.

You should consider a Site-to-Site (Router-to-Router) VPN solution using the
Netgate and Cisco Devices. Then the users never initiate anything. The two
networks on each side of the VPN would interoperate together just as if they
were in the same room but on different subnets and it would be totally
transparent to the users.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
-----------------------------------------------------
 
mlick2

The business partner that we are connecting to does not have the option
for a site-to-site link, so PPTP is our only option. All traffic from
the remote office uses the IPSEC tunnel back to our headquarters. So
the PPTP is tunneled within the IPSEC.
 
Phillip Windell

I have no idea what to tell you then.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
 
