Windows 2000 - Accept multiple VPN from same external IP

[googull]

We are running SBS2000 as simple filer server = no domain, no AD, no DHCP.
VPN is configured over RAS as PPTP and works well for everyone dialing in
from unique locations. But all remote locations with a LAN are unable to
get more than a single VPN to the SBS server at a time. I've checked the
remote routers/modems which all support 4-8 simul VPN connections out. Is
there a setting in Windows 2000 Server that must be configured to accept
multiple VPN connections from the same external IP address(es)? Where?

 

[Robert L [MS-MVP]]

what's the error code when they can't? And how do you assign IP?
For more and other information, go to http://howtonetworking.com.

Don't send e-mail or reply to me except you need consulting services. Posting on MS newsgroup will benefit all readers and you may get more help.

Bob Lin, MS-MVP, MCSE & CNE
How to Setup Windows, Network, Remote Access on http://www.HowToNetworking.com
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
This posting is provided "AS IS" with no warranties.
I recommend Brinkster for web hosting!

We are running SBS2000 as simple filer server = no domain, no AD, no DHCP.
VPN is configured over RAS as PPTP and works well for everyone dialing in
from unique locations. But all remote locations with a LAN are unable to
get more than a single VPN to the SBS server at a time. I've checked the
remote routers/modems which all support 4-8 simul VPN connections out. Is
there a setting in Windows 2000 Server that must be configured to accept
multiple VPN connections from the same external IP address(es)? Where?

 

[Bill Grant]

The point to point connections are made from the client to the server,
so the server sees the client's private IP, not the IP of the NAT device.
The traffic is encrypted and encapsulated before it reaches the NAT.

The only time I have seen this problem, it has been the NAT router at
the client site which limits the number of connections.

 

[googull]

what's the error code when they can't? And how do you assign IP?
Thanks for reply. I get the dialog "Verifying Username and Password" then
"Error 721 - The remote computer did not respond".

The remote site has two PCs on an Actiontec 1524 DSL modem/router. It
supports 4 port VPN pass through via IPSEC. Actiontec confirmed that pass
through for more than 1 port also applied to PPTP. The two PCs running XP
at the remote site can both dial out to different VPN locations. They just
can't both dial our Windows 2000 Server at the same time. Each can get a
VPN to the server only when the other is not connected. Both are using
different user login accounts. I tried this again today at a different site
with a Fujitsu modem/Belkin router with same failure. Actiontec told me
that I needed to enable settings server side to "permit multiple VPN logins
using the same IP address", which made sense to me figuring that the
Actiontec might present the VPNs externally as a single IP address. I've
been unable to figure out how or where I would set this in SBS2000 which is
configured for 9 simultaneous VPN dial-in connections and we regularly have
4-5 active.

 

[Robert L [MS-MVP]]

do one more test. in the lan, have two computers establish the VPN at the same time. post back with the result.
For more and other information, go to http://howtonetworking.com.

Don't send e-mail or reply to me except you need consulting services. Posting on MS newsgroup will benefit all readers and you may get more help.

Bob Lin, MS-MVP, MCSE & CNE
How to Setup Windows, Network, Remote Access on http://www.HowToNetworking.com
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
This posting is provided "AS IS" with no warranties.
I recommend Brinkster for web hosting!

what's the error code when they can't? And how do you assign IP?
Thanks for reply. I get the dialog "Verifying Username and Password" then
"Error 721 - The remote computer did not respond".

The remote site has two PCs on an Actiontec 1524 DSL modem/router. It
supports 4 port VPN pass through via IPSEC. Actiontec confirmed that pass
through for more than 1 port also applied to PPTP. The two PCs running XP
at the remote site can both dial out to different VPN locations. They just
can't both dial our Windows 2000 Server at the same time. Each can get a
VPN to the server only when the other is not connected. Both are using
different user login accounts. I tried this again today at a different site
with a Fujitsu modem/Belkin router with same failure. Actiontec told me
that I needed to enable settings server side to "permit multiple VPN logins
using the same IP address", which made sense to me figuring that the
Actiontec might present the VPNs externally as a single IP address. I've
been unable to figure out how or where I would set this in SBS2000 which is
configured for 9 simultaneous VPN dial-in connections and we regularly have
4-5 active.

 

[googull]

Attempted simultaneous connection as requested - Computer #1 timed out right away with Error 721. Computer #2 time out took a while and reported Error 742 - "Remote Computer does not support the required encryption type". After Computer #2 timed out Computer #1 autoredialed and established the VPN connection. Computer #2 then redialed and timed out with Error 721. Both connect only via PPTP and both are able to connect to the server when the other is not connected. There have been times when both appear to get a VPN established, but one PC usually drops the connection in short order and doesn't report that the connection has been dropped. It isn't noticed until connection use is attempted. Both PCs are running Windows XP.

in message news
do one more test. in the lan, have two computers establish the VPN at the same time. post back with the result.

 

[googull]

We've been down two weeks now and we really need to solve this. Modem company and Network provider repeatedly insist that the current router passes through 4 VPN's tunnels without issue and that, "the Server must be configured to accept multiple VPN connections from the same IP Address". Can anyone please tell me where I can find such a setting in Windows 2000 Server? Is the limitation because I am configuring VPN support via RAS?

 

[googull]

Bob - you've asked several questions, I've answered each in turn. Is there any conclusion or recommendation? Are you with Microsoft or are you one of their partners?
Attempted simultaneous connection as requested - Computer #1 timed out right away with Error 721. Computer #2 time out took a while and reported Error 742 - "Remote Computer does not support the required encryption type". After Computer #2 timed out Computer #1 autoredialed and established the VPN connection. Computer #2 then redialed and timed out with Error 721. Both connect only via PPTP and both are able to connect to the server when the other is not connected. There have been times when both appear to get a VPN established, but one PC usually drops the connection in short order and doesn't report that the connection has been dropped. It isn't noticed until connection use is attempted. Both PCs are running Windows XP.

in message news
do one more test. in the lan, have two computers establish the VPN at the same time. post back with the result.

 

[Robert L [MS-MVP]]

if you get the same issue in the lan, that must be RRAS issue. can I test it?
For more and other information, go to http://howtonetworking.com.

Don't send e-mail or reply to me except you need consulting services. Posting on MS newsgroup will benefit all readers and you may get more help.

Bob Lin, MS-MVP, MCSE & CNE
How to Setup Windows, Network, Remote Access on http://www.HowToNetworking.com
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
This posting is provided "AS IS" with no warranties.

Attempted simultaneous connection as requested - Computer #1 timed out right away with Error 721. Computer #2 time out took a while and reported Error 742 - "Remote Computer does not support the required encryption type". After Computer #2 timed out Computer #1 autoredialed and established the VPN connection. Computer #2 then redialed and timed out with Error 721. Both connect only via PPTP and both are able to connect to the server when the other is not connected. There have been times when both appear to get a VPN established, but one PC usually drops the connection in short order and doesn't report that the connection has been dropped. It isn't noticed until connection use is attempted. Both PCs are running Windows XP.

in message news
do one more test. in the lan, have two computers establish the VPN at the same time. post back with the result.

 

[Guest]

Hi, Googull

I have the very similar problem as you. Please see my post with subject
"Multiple VPN sessions in same LAN". Have you fix ed your problem yet?

The difference is I can establish two vpn sessions on two PCs to the same
Win2K vpn server when I tests it at home. There is no firewall at home and
the modem is newer.

But I couldn't make it working at work. There is a firewall at work but I
open everything for the workstation but doesn't help.

Yuggie
===================

 

[Bill Grant]

The server itself will only reject a connection if all of its miniports
are busy. If you can establish several connections to the server locally but
not remotely, the problem is almost certainly caused by something else, like
a firewall or a router.

Many SOHO routers are limited to one or two VPN connections. They do not
give you sensible diagnostics. The clients just fail to connect.