Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Multiple, Simultaneous VPN Connections Through SOHO 91 Router

I recently purchased a Cisco SOHO 91 router for one of my remote offices. According to the marketing literature and your pre-sales support line, this particular router is capable of passing multiple, simultaneous, client initiated, PPTP VPN connections through itself. However, as soon as my second client connects, both lose performance to the point where Internet Explorer, Outlook, and other network/internet applications lock up.

My SOHO 91 is running IOS version 12.3. My clients are running Windows XP, SP2 and/or Windows 2000, SP4. I'm using the Windows VPN client, PPTP protocol and connecting to a Windows 2000, SP4 Server running RRAS.

My current running configuration is as follows:

Current configuration : 1464 bytes

!

version 12.3

no service pad

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname Router

!

!

username CRWS_Jaidil privilege 15 password 7 ????????????????????????????

no aaa new-model

ip subnet-zero

ip name-server xxx.xxx.xxx.xxx

ip name-server xxx.xxx.xxx.xxx

ip dhcp excluded-address 10.10.10.1

!

ip dhcp pool CLIENT

import all

network 10.10.10.0 255.255.255.0

default-router 10.10.10.1

lease 0 2

!

partition flash 2 6 2

!

interface Ethernet0

ip address 10.10.10.1 255.255.255.0

no cdp enable

hold-queue 32 in

!

interface Ethernet1

ip address dhcp client-id Ethernet1

ip nat outside

duplex auto

no cdp enable

!

ip nat outside source list 103 interface Ethernet0

ip classless

ip http server

no ip http secure-server

!

access-list 23 permit 10.10.10.0 0.0.0.255

access-list 103 permit ip any any

access-list 103 permit gre any any

access-list 103 permit tcp any any eq 1723

!

line con 0

exec-timeout 120 0

no modem enable

stopbits 1

line aux 0

line vty 0 4

access-class 23 in

exec-timeout 120 0

login local

length 0

!

scheduler max-task-time 5000

!

end

Any help you can provide would be greatly appreciated.

Thank you.

Charlie

4 REPLIES
Silver

Re: Multiple, Simultaneous VPN Connections Through SOHO 91 Route

Charlie,

What type of link are you using, what does Eth1 connect to?

As its running in auto duplex and speed, check that the port on the device its connecting to is also runnning the same speed and duplex.

Also check the cpu utilisation with 1 and 2 VPN sessions, command is `show proc' the cpu load is shown at the start of the output.

Are there any errors on the Ethernet ports, issue the command `clear count' then run some data across and have a look at the interfaces with the command `Show Int'

Hopefully one of these commands may point to the problem

Andy

New Member

Re: Multiple, Simultaneous VPN Connections Through SOHO 91 Route

Andy,

Eth1 connects to a network switch which is then connected to the LAN side of another router.

Eth1 picks up a routable IP address from the upstream router's DHCP.

I'm pretty sure the network switch is compatible as most are auto sensing to accomodate whatever type of device connects to it.

I've attached the capture file so you can see the info I received back while running the two tests you suggested. There doesn't appear to be any CPU utilization or interface error issues if I am interpretting the results correctly.

Charlie

Silver

Re: Multiple, Simultaneous VPN Connections Through SOHO 91 Route

The capture details look fine, no errors or exceptional utilisation. Just to be sure you could check the port on the LAN switch, although I dont think you will see any errors.

I'm thinking this may be a problem with a NAT/PAT boundary somewhere? Can you use both clients to browse the Internet or make some connection without using the VPN connection?

If so do they use the same path to the outside network, to rule out link related issues.

Can you use the clients to make PPTP connections to 2 different servers at the same time?

Do you have a firewall in this path somewhere?

My thoughts here are that PPTP uses GRE to encapsulate the traffic, GRE has no source and destination ports in the header. So when the first PPTP tunnel is established to will pass across a firewall. But when the second PPTP is established, I think this causes problems to your firewall.

New Member

Re: Multiple, Simultaneous VPN Connections Through SOHO 91 Route

This is starting to look like a case of misleading marketing to me.

Both clients work fine if connected directly, without the SOHO 91 in the middle. Both can surf the net, both can VPN connect without any performance issues. They would each get their own routable IP when connecting directly, so their paths would be different I'm guessing.

I have no way of testing connections to two different VPN servers, besides, that's not how this device is supposed to work and not how I want to use it.

I've also tested this setup from two different locations, one behind a firewall, the other not; so I don't think this is a firewall issue.

Looks like it's time to request an RMA from my vendor.

Thanks for your suggestions.

262
Views
0
Helpful
4
Replies
CreatePlease to create content