Windows Server - Multiple L2TP VPN connections from the same host..

Asked By averie on 04-Sep-07 05:24 AM
Hi, We have a L2TP VPN setup in out central office.. So, now some of our
employees are trying to connect from a remote office. The VPN server has ISA

The thing is that in the remote office, the clients are sharing a DSL
connection with a DSL router, so they are behind NAT with different Private
IPs but sharing the same public IP address

I had to configure NAT-T in all clients, with the
AssumeUDPEncapsulationContextOnSendRule registry key. All clients also have
the machine certificate required by the VPN server..

The problem is that a single client can connect from the remote office, but
when I  try to connect the other one, the connection times out..

So, is there any special rule I have to configure to allow multiple VPN
connections from the same host???

Phillip Windell replied on 04-Sep-07 12:41 PM
I think you are screwed.

2 Options:

1. Use PPTP instead of L2TP.  Get rid of all the NAT-T stuff and remove any
type of config you performed at the DSL box reguarding this.  It still may
not work because of limitations of the "home user" DSL box you are using.


2. Get rid of the DSL box and replace it with an ISA at the Remote Office.
Use the two ISA's to create a Site-to-Site VPN instead of having users
initiating their own independent Remote Access VPN.   Remote Access VPN
(what you are currently doing) is meant for traveling users or users
connecting from home, is not designed for connecting two offices with
multiple people in them.

Phillip Windell

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
Understanding the ISA 2004 Access Rule Processing

Troubleshooting Client Authentication on Access Rules in ISA Server 2004

Microsoft Internet Security & Acceleration Server: Partners

Microsoft ISA Server Partners: Partner Hardware Solutions