Multiple VPN's

[G Holmes]

I need a little tutoring here.
First: For a server to accept more than 1 VPN link does anything have to
be configured on the host server or is a VPN good for one or many
connections.?
Second: Can more than 1 RDT session be active on the server hosting the
VPN link to the internal network ?

Example.Question; Can the server @ work that is establishing the VPN link
pass thru multiple RDT users to the internal network (my workstation) &
someone else to their workstation simultaneously.?

Thanks
Gene

 

[Bill Sanderson]

This isn't easy to answer:

XP as a host machine can only have one VPN session at a time.

Through that single VPN tunnel, multiple Remote Desktop sessions could be
established.

There may also be issues related to nat/router devices at both ends of the
connection.

If you need more than one VPN connection at the same time, you may need a
server OS--i.e. Windows Server 2003, rather than XP, at the host end.

It'd be best to lay out just what you'd like to be able to do,
though--there's more than one way to do this, and we can give better advice
if you can lay out the numbers of connections you have in mind.

 

[G Holmes]

Thanks Bill,

This is the simplistic layout as of now.
VPN host is a SBS win2000 server connecting thru a router and modem to a DSL
line.
This server will be the "INCOMING" gateway to the internet for the network
workstations for RDT.
Internet access going "OUT" from the network, works fine.
VPN can be established from my home machine to the server, works fine.
I can establish RDT with the server, works fine.
***currently having a problem getting anything thru the server to the
internal machines, think it is a routing issue)***
All home workstations (clients) are win XP Pro.
All workstations @ office (remote host ?) are win XP Pro.
In all we might want to have (3) people connecting to the RDT sessions at a
time.
Just not sure how (3) remote people can do RDT thru 3 seperate VPN's ??

Thanks
Gene

 

[Bill Sanderson]

I think you are in pretty good shape.

You might want to run this by the folks in the SBS newsgroups who provide
excellent support--microsoft.public.windows.server.sbs and
microsoft.public.backoffice.smallbiz2000.

The router adds some complication--the routers almost never specify whether
they can handle inbound PPTP VPN's at all, let alone multiples of them.
However, I've run an NT4-based SBS server in this circumstance--server
behind a Linksys BEFSR11 router, and was able to do multiple inbound vpn
connections--so this may well work fine.

The SBS server is the endpoint of the tunnels--all the router has to do is
allow the traffic in.

Once the VPN is connected, it is (nearly) as though the remote client is on
the local network behind the SBS server--it should be able to do the same
things a client on the lan can do--RD to any workstation or to the server,
for example.

As long as the server is configured to allow the three (or more) VPN
connections, I think this is likely to work just fine.

I would recommend this method (VPN first, then using RD over the VPN) rather
than straight RD through the server--I'm not clear whether you are using the
ISA server firewall, and setting up multiple inbound VPN's through both the
router and ISA firewall isn't something easy to do.

Sooner Al has a web page showing how to set up a Linksys router to allow
multiple inbound RD sessions through--and three isn't an unreasonable number
to try this with, but VPNs are simpler.

 

[Jeffrey Randow (MVP)]

I can specify that most Negear routers will only allow 1 inbound PPTP
and 1 inbound IPSEC tunnel reliably (depending on firmware). The
Microsoft routers support at least three that I have successfully
tested. I have never gotten ANY inbound PPTP tunnels with a DLink
router. I can't test Linksys as they are not reliable enough on SBC
DSL to keep a connection more than 5 minutes at a time.

Jeffrey Randow (Windows Net. & Smart Display MVP)
(e-mail address removed)

Please post all responses to the newsgroups for the benefit
of all USENET users. Messages sent via email may or may not
be answered depending on time availability....

Remote Networking Technology Support Site -
http://www.remotenetworktechnology.com
Smart Display Support - http://www.smartdisplays.net
Windows XP Expert Zone - http://www.microsoft.com/windowsxp/expertzone

 

[Lanwench [MVP - Exchange]]

Frankly, I'd suggest looking into a separate firewall appliance like a
Sonicwall that can handle the VPN for you - takes the load off your server
(and with SBS this is *not* a bad idea as it's a DC!) Sonicwall makes 5-user
VPN firewall appliances....

 

[G Holmes]

OK
If I understand this correctly I need to get the VPN ports on the sbs2000
server to let thru or forward to port 3389 so the machines on the inside of
the network can connect to the client on the other end of the VPN tunnel.?
If this is correct where & how do I accomplish this ?

Gene

 

[Jeffrey Randow (MVP)]

If you have successfully made a VPN connection, you are in essence on
the Local LAN and can use the private IP addresses without any need
for additional forwarding. The forwarding is involved when you want
the service to be publically addressible from the internet (w/o the
VPN).

Jeffrey Randow (Windows Net. & Smart Display MVP)
(e-mail address removed)

Please post all responses to the newsgroups for the benefit
of all USENET users. Messages sent via email may or may not
be answered depending on time availability....

Remote Networking Technology Support Site -
http://www.remotenetworktechnology.com
Smart Display Support - http://www.smartdisplays.net
Windows XP Expert Zone - http://www.microsoft.com/windowsxp/expertzone