[vpn-help] VPN Connection Problems
Kevin VPN
kvpn at live.com
Mon Nov 7 21:05:17 CST 2011
On 10/26/2011 11:05 PM, Joshua Joyce wrote:
> Experts:
>
...
>
> I have been having problems with the multiple stations kicking off
> the the stations that connected prior. I juggle the connection for a
> while, and soon the VPN Gateway doesn't respond to anyone. Several
> hardware reboots later things start connecting again with the same
> problem. I really noticed this after I connected the server for the
> first time. Prior to that I was able to RDP on station from the
> other station through the VPN Connection, so I know they can reach
> each other.
>
> I set up the Shrew exactly the way shown on the Shrew set-up page for
> netgear.
>
>
> Maybe a question for further down the road, but can I set this up a
> different way than shown on the Shrew set-up page? It ha me using
> 3DES, which I recall uses a ton of processor resourses.
...
Hi Josh,
For the first problem (users kicking others) it's possible that the
Netgear only only allows one concurrent login. Since you're all using
the same remote identifier, I think that there's probably a conflict.
(I'm not sure why it requires multiple reboots to restore service though.)
I'm not sure if there's a way to allow multiple logins with the same
remote identifier. You could explore using a different Remote
Identifier Type, perhaps there's one that allows a dynamic client IP. If
you have a fixed (and manageable) number of clients, you could also
create a separate VPN (IKE Policy) for each.
For the second issue, you can always try using some encryption other
than 3DES to save cycles, although you'd probably also sacrifice some
level of crypto strength. It might be worth it though, if your clients
are in the field and battery life is an important issue. Just make sure
that both the gateway and client are set to the same values and it
should work.
If all you need the VPN for is access to the server, since you've got
Server 2008 R2, if your clients are Win7, you could also look at putting
them together as a domain and using DirectAccess to provide an encrypted
channel between the server and clients.
More information about the vpn-help
mailing list