echo: nthelp
to: All
from: Rich
date: 2003-04-02 14:23:32
subject: Re: W2K VPN question

   If using PPTP then it could be an issue with the router and GRE
packets.  Some of the consumer firewall/routers support tunneling only a
single connection at a time.  The reason for this is that they note that
GRE packets are being tunneled and send them all to the first internal
client to establish a session.  The proper behavior is to use the call ID
in the low word of the GRE Key field for routing to the correct internal
client.  See http://www.ietf.org/rfc/rfc2637.txt.  The router vendor
should be able to identify whether they support multiple PPTP sessions or
not.

   If the clients were Windows 2000 or later another option would be to
use L2TP for the VPN session.  This too can have problems since the
routers don't all support this or multiple sessions of this either.

Rich

  "Thees Peereboom" wrote in message
  news:rqkm8vo0kqm2emfv5v0dch9t5henoj4o2p{at}4ax.com...
  A friend has the following problem: His company has an office in A
  with about 20 workstations and a W2K server which is also PDC and
  DNS server. The workstations are w98.

  This company also has offices in B and C, with each about 5
  workstations. He wants the workstations in B and C to be on the same
  network as A, log on to the PDC in the A-office and get their IP number
  from the DHCP pool on the PDC in A.

  The connections between the different offices are DSL. He has
  installed and established a VPN from both B and C to A.

  His problem is that he can't get to connect the workstations in B and
  C to A. Without the VPN active it takes a very long time to login
  (about half an hour). With the VPN active only one workstation can
  login and then other workstations can't login anymore. It is as if
  only one workstation is allowed to log in or use the tunnel at a time.

  I think it could be his router allowing only one tunnel at a time, but
  am not sure and we would appreciate some ideas.

  TIA

  - Thees Peereboom

--- BBBS/NT v4.01 Flag-4
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/1.45)
SEEN-BY: 633/267 270
@PATH: 379/1 633/267

SOURCE: echomail via fidonet.ozzmosis.com
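
The call-ID routing described in the reply above, as an added example that is not part of the original message: a minimal parser for the PPTP enhanced GRE header (RFC 2637) and two toy NAT tables, one sending all inbound GRE to the first client and one keyed on the call ID. NaiveNat, CallIdNat, learn(), the addresses and the call IDs are hypothetical; a real router would learn call IDs from the PPTP control connection.

```python
import struct
PPTP_GRE_PROTO = 0x880B  # protocol type of PPTP's enhanced GRE (RFC 2637)

def parse_pptp_gre(pkt: bytes) -> dict:
    """Parse the fixed header; requires the K bit (0x20) and version 1."""
    if len(pkt) < 8:
        raise ValueError("truncated GRE header")
    flags, ver, proto, payload_len, call_id = struct.unpack("!BBHHH", pkt[:8])
    if proto != PPTP_GRE_PROTO or (ver & 0x07) != 1 or not flags & 0x20:
        raise ValueError("not a PPTP enhanced GRE packet")
    return {"call_id": call_id, "payload_len": payload_len}

class NaiveNat:
    """Single-session behaviour: all inbound GRE goes to the first client."""
    def __init__(self):
        self.first_client = None
    def learn(self, internal_ip, call_id):
        if self.first_client is None:
            self.first_client = internal_ip
    def route_inbound(self, pkt):
        return self.first_client

class CallIdNat:
    """Routes inbound GRE on the call ID in the low word of the Key field."""
    def __init__(self):
        self.by_call_id = {}
    def learn(self, internal_ip, call_id):
        self.by_call_id[call_id] = internal_ip
    def route_inbound(self, pkt):
        # Unknown call ID returns None, meaning the packet is dropped.
        return self.by_call_id.get(parse_pptp_gre(pkt)["call_id"])

def build_gre(call_id, seq, payload=b"\x00" * 4):
    """Constructed sample packet: K and S bits set, version 1, no ack."""
    hdr = struct.pack("!BBHHHI", 0x30, 0x01, PPTP_GRE_PROTO, len(payload), call_id, seq)
    return hdr + payload

def demo():
    # Constructed sessions: two internal clients behind one public address.
    sessions = [("192.168.1.10", 0x0101), ("192.168.1.11", 0x0202)]
    results = {}
    for nat in (NaiveNat(), CallIdNat()):
        for ip, cid in sessions:
            nat.learn(ip, cid)
        results[type(nat).__name__] = [nat.route_inbound(build_gre(c, 1)) for _, c in sessions]
    return results

if __name__ == "__main__":
    print(demo())
```

With the naive table the second client's inbound packets land on the first client, which matches the "only one workstation can login" symptom in the question.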
