[vpn-help] VPN Connection Problems

Kevin VPN kvpn at live.com
Mon Nov 7 21:05:17 CST 2011


On 10/26/2011 11:05 PM, Joshua Joyce wrote:
> Experts:
>
...
>
> I have been having problems with the multiple stations kicking off
> the stations that connected prior.  I juggle the connection for a
> while, and soon the VPN Gateway doesn't respond to anyone.  Several
> hardware reboots later things start connecting again with the same
> problem.  I really noticed this after I connected the server for the
> first time.  Prior to that I was able to RDP on station from the
> other station through the VPN Connection, so I know they can reach
> each other.
>
> I set up the Shrew exactly the way shown on the Shrew set-up page for
> Netgear.
>
>
> Maybe a question for further down the road, but can I set this up a
> different way than shown on the Shrew set-up page?  It has me using
> 3DES, which I recall uses a ton of processor resources.
...

Hi Josh,

For the first problem (users kicking others) it's possible that the 
Netgear only allows one concurrent login.  Since you're all using 
the same remote identifier, I think that there's probably a conflict. 
(I'm not sure why it requires multiple reboots to restore service though.)

I'm not sure if there's a way to allow multiple logins with the same 
remote identifier.  You could explore using a different Remote 
Identifier Type; perhaps there's one that allows a dynamic client IP. If 
you have a fixed (and manageable) number of clients, you could also 
create a separate VPN (IKE Policy) for each.

For the second issue, you can always try using some encryption other 
than 3DES to save cycles, although you'd probably also sacrifice some 
level of crypto strength.  It might be worth it though, if your clients 
are in the field and battery life is an important issue.  Just make sure 
that both the gateway and client are set to the same values and it 
should work.

If all you need the VPN for is access to the server, since you've got 
Server 2008 R2, if your clients are Win7, you could also look at putting 
them together as a domain and using DirectAccess to provide an encrypted 
channel between the server and clients.


