PPTP VPN through an IPSEC VPN

  • Thread starter: mlick2

mlick2

Hi,

I currently have a remote office that is connected back to our
headquarters using an IPSEC VPN. This VPN is a managed service using a
Netgate 7100 on the remote side and a Cisco3k at the main site.

Users at the remote site connect to a business partner using a PPTP
VPN. When they enable "Use default gateway on remote network", there
are no problems and the connection occurs immediately. However, when
this setting is disabled, the connection takes sometimes up to ten
minutes to connect. Unfortunately, the users need to have their local
access while connected to the VPN.

I have packet captures of the connection attempts if that helps.
Basically, I see the user workstation sending a FIN/ACK and then a RST
packet. This happens for every connection attempt until the connection
is finally made. Once the connection is made, it does not drop and
there are no problems.

Any comments or suggestions will be greatly appreciated.

Thank you in advance,
Matt
 
Forgot to note that the user workstations are running Windows 2000 SP4.
This has also been tested with XP SP1 with the same results. Also,
the PPTP connection works fine from our main campus.
 
mlick2 said:
I currently have a remote office that is connected back to our
headquarters using an IPSEC VPN. This VPN is a managed service using a
Netgate 7100 on the remote side and a Cisco3k at the main site.

You should consider a Site-to-Site (Router-to-Router) VPN solution using the
Netgate and Cisco Devices. Then the users never initiate anything. The two
networks on each side of the VPN would interoperate together just as if they
were in the same room but on different subnets and it would be totally
transparent to the users.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
-----------------------------------------------------
 
The business partner that we are connecting to does not have the option
for a site-to-site link, so PPTP is our only option. All traffic from
the remote office uses the IPSEC tunnel back to our headquarters. So
the PPTP is tunneled within the IPSEC.
 
I have no idea what to tell you then.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
 