Sign in with
Sign up | Sign in
Your question

Multiple VPN via ADSL Gateway?

Last response: in Networking
Share
Anonymous
April 20, 2004 11:08:26 AM

Archived from groups: comp.dcom.vpn (More info?)

Hi this may be a stupid question but I'm not sure how VPN works so I
don't really understand the limitations.

I have a home ADSL Wireless Gateway (US Robotics USR9106).

Myself and my wife both work for the same company, and we connect to
our company via a VPN client to access email and so on.

What we have found is that only one of us can connect to the VPN at a
time, and indeed once one of us connects, the other cannot connect for
a while even if the first person logs out.

According to the specs, my Gateway has "VPN Traversal (Pass-through
IPSec, PPTP, L2TP)" but frankly I have no clue whether I have set this
up properly.

Is this a limitation of my hardware that I can only have one VPN
connection active at a time or can I change some settings to allow
this?
cheers
p
Anonymous
April 21, 2004 10:33:35 PM

Archived from groups: comp.dcom.vpn (More info?)

Some devices only allow one session for vpn. They may not specify, but if
you call them, they may be able to shed some light.

Raymond Dias

"Patrick Warner" <warner_patrick@hotmail.com> wrote in message
news:8e06f44d.0404200608.742e5d8e@posting.google.com...
> Hi this may be a stupid question but I'm not sure how VPN works so I
> don't really understand the limitations.
>
> I have a home ADSL Wireless Gateway (US Robotics USR9106).
>
> Myself and my wife both work for the same company, and we connect to
> our company via a VPN client to access email and so on.
>
> What we have found is that only one of us can connect to the VPN at a
> time, and indeed once one of us connects, the other cannot connect for
> a while even if the first person logs out.
>
> According to the specs, my Gateway has "VPN Traversal (Pass-through
> IPSec, PPTP, L2TP)" but frankly I have no clue whether I have set this
> up properly.
>
> Is this a limitation of my hardware that I can only have one VPN
> connection active at a time or can I change some settings to allow
> this?
> cheers
> p
Anonymous
April 21, 2004 11:19:47 PM

Archived from groups: comp.dcom.vpn (More info?)

"Patrick Warner" <warner_patrick@hotmail.com> wrote in message
news:8e06f44d.0404200608.742e5d8e@posting.google.com...
> Hi this may be a stupid question but I'm not sure how VPN works so I
> don't really understand the limitations.
>
> I have a home ADSL Wireless Gateway (US Robotics USR9106).
>
> Myself and my wife both work for the same company, and we connect to
> our company via a VPN client to access email and so on.
>
> What we have found is that only one of us can connect to the VPN at a
> time, and indeed once one of us connects, the other cannot connect for
> a while even if the first person logs out.

this does happen frequently - 1st point of call should be your company
support, since some or all of the stuff needed to get around this may
involve them in making some changes.

there are lots of different ways to implement a VPN, and it isnt obvious
which you are using. it sounds like you have a VPN client using UDP or raw
IPsec to talk to the VPN server at the office.

what can happen is that the VPN client and / or the router support the VPN
link, but either the protocol used or the central VPN server doesnt
understand how to "untangle" 2 connections at the same remote IP address.

if you can, try configuring the clients for TCP encapsulation of IPsec, or
setting the 2 clients to use different VPN methods - what is feasible will
depend on the vpn hardware, software and config in place.
>
> According to the specs, my Gateway has "VPN Traversal (Pass-through
> IPSec, PPTP, L2TP)" but frankly I have no clue whether I have set this
> up properly.

not sure what this means - most recent VPN clients work without any help
from the router - so long as they are configured in the right way.
>
> Is this a limitation of my hardware that I can only have one VPN
> connection active at a time or can I change some settings to allow
> this?
> cheers
> p
--
Regards

Stephen Hope - return address needs fewer xxs
Related resources
Anonymous
April 21, 2004 11:25:21 PM

Archived from groups: comp.dcom.vpn (More info?)

On 20 Apr 2004, Patrick Warner <warner_patrick@hotmail.com> wrote:
> Hi this may be a stupid question but I'm not sure how VPN works so I
> don't really understand the limitations.
>
> I have a home ADSL Wireless Gateway (US Robotics USR9106).
>
> Myself and my wife both work for the same company, and we connect to
> our company via a VPN client to access email and so on.
>
> What we have found is that only one of us can connect to the VPN at a
> time, and indeed once one of us connects, the other cannot connect for
> a while even if the first person logs out.
>
> According to the specs, my Gateway has "VPN Traversal (Pass-through
> IPSec, PPTP, L2TP)" but frankly I have no clue whether I have set this
> up properly.

Depending on the type of VPN, maybe you need a hardware router that can
handle the VPN instead of software on each computer. At our office we
have a device which gives us DHCP addresses and handles the VPN to our
factory via SDSL. Traffic between private IPs is routed over the VPN and
traffic to public IPs is NAT'd to the internet. So the subnet for each
office is tied to our factory via VPN as one big private WAN.

--
David Efflandt - All spam ignored http://www.de-srv.com/
Anonymous
April 22, 2004 9:12:41 AM

Archived from groups: comp.dcom.vpn (More info?)

Thanks for taking the time to reply to my message.

"shope" <stephen_hope@xntlxworld.com> wrote in message news:<1Vyhc.87$B21.18@newsfe1-win>...
>
> this does happen frequently - 1st point of call should be your company
> support, since some or all of the stuff needed to get around this may
> involve them in making some changes.

I am already talking to the support guys at my company they are
looking into it but don't know how to solve yet.

>
> there are lots of different ways to implement a VPN, and it isnt obvious
> which you are using. it sounds like you have a VPN client using UDP or raw
> IPsec to talk to the VPN server at the office.
>
> what can happen is that the VPN client and / or the router support the VPN
> link, but either the protocol used or the central VPN server doesnt
> understand how to "untangle" 2 connections at the same remote IP address.
>
> if you can, try configuring the clients for TCP encapsulation of IPsec, or
> setting the 2 clients to use different VPN methods - what is feasible will
> depend on the vpn hardware, software and config in place.
> >

We are using Nortel Networks Contivity VPN Client. Looking in the
options for the client I don't see anything about switching on TCP
encapsulation. Is this something that would have to be done at the
server side?


> > According to the specs, my Gateway has "VPN Traversal (Pass-through
> > IPSec, PPTP, L2TP)" but frankly I have no clue whether I have set this
> > up properly.
>
> not sure what this means - most recent VPN clients work without any help
> from the router - so long as they are configured in the right way.

OK - so what you are saying is that the whether this works or not
should be independent of my router/gateway hardware? I hope that's
true, but how does that relate to other messages I have seen which
state that certain routers "only support one VPN tunnel at a time".

cheers
p
Anonymous
April 23, 2004 2:16:40 AM

Archived from groups: comp.dcom.vpn (More info?)

"Patrick Warner" <warner_patrick@hotmail.com> wrote in message
news:8e06f44d.0404220412.5ec7e766@posting.google.com...
> Thanks for taking the time to reply to my message.
>
> "shope" <stephen_hope@xntlxworld.com> wrote in message
news:<1Vyhc.87$B21.18@newsfe1-win>...
> >
> > this does happen frequently - 1st point of call should be your company
> > support, since some or all of the stuff needed to get around this may
> > involve them in making some changes.
>
> I am already talking to the support guys at my company they are
> looking into it but don't know how to solve yet.
>
> >
> > there are lots of different ways to implement a VPN, and it isnt obvious
> > which you are using. it sounds like you have a VPN client using UDP or
raw
> > IPsec to talk to the VPN server at the office.
> >
> > what can happen is that the VPN client and / or the router support the
VPN
> > link, but either the protocol used or the central VPN server doesnt
> > understand how to "untangle" 2 connections at the same remote IP
address.
> >
> > if you can, try configuring the clients for TCP encapsulation of IPsec,
or
> > setting the 2 clients to use different VPN methods - what is feasible
will
> > depend on the vpn hardware, software and config in place.
> > >
>
> We are using Nortel Networks Contivity VPN Client. Looking in the
> options for the client I don't see anything about switching on TCP
> encapsulation. Is this something that would have to be done at the
> server side?

if the client cant do it then you may be stuck - there are lots of different
clients, and lots of different ways to support NAT - some may limit you to 1
client per remote site router.

you could always get your support team to ask Nortel, or wherever you bought
this stuff.
>
>
> > > According to the specs, my Gateway has "VPN Traversal (Pass-through
> > > IPSec, PPTP, L2TP)" but frankly I have no clue whether I have set this
> > > up properly.
> >
> > not sure what this means - most recent VPN clients work without any help
> > from the router - so long as they are configured in the right way.
>
> OK - so what you are saying is that the whether this works or not
> should be independent of my router/gateway hardware? I hope that's
> true, but how does that relate to other messages I have seen which
> state that certain routers "only support one VPN tunnel at a time".

this is about ipsec and UDP encapsulation - tcp encap stuff on the clients i
have used (cisco) doesnt have a problem with multiple clients via the same
router, but the VPN server in the centre may not like 2 devices from the
same source IP address (your router WAN port).
>
> cheers
> p
--
Regards

Stephen Hope - return address needs fewer xxs
!