This may be a stupid question but I’ll ask anyway.
I am assisting a friend in setting up a new remote branch for Xerox. There will be around 30 users who will be using the Nortel VPN Client to connect to Xerox’s main network.
A problem I’m facing is finding a router which will reliably handle 30 or so concurrent VPN tunnels without spending $1500 or more.
My question is how well would an RB532 handle that amount of encrypted traffic? I realize the ISP bandwidth is also an issue, but I’m not concerned about that at the moment.
Nortel VPN client, does this mean the RB532 is simply routing the traffic to the remote site and not one of the endpoints? Or are you planning on adding 30 PPTP/L2TP tunnels to MT? If routing it should be fine, if using MT with 30 tunnels (to the same place?) then it might be a CPU problem under heavy traffic. Not sure why you’d want 30 tunnels to the same place though…
If you’re just routing through it then it’s no different than any other traffic.
The reason I asked is because my friend has tried other home/soho routers (including an Actiontec GT701 and a Netgear FVS318NA) in the past and had problems. While 1 client connected without problems, once the customer tried bringing up a second connection to the same IP, both connections would drop. He ended up using “Sygate Office Network” software to get it to work but would like to switch to a hardware router now.
As you said, this may be a nonissue with MikroTik, but I just want to make sure before I recommend it to him.
This has to do with the NAT traversal / IP helpers … you can only use a single PPTP session on an IP … typically. GRE is sometimes not tracked and therefore can only be forwarded to a single endpoint. If you’re just routing (not NATting) then you can route as many tunnels through as you want.
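An added example, not part of the original posts: a toy Python model of the NAT reply table described in the post above, showing why untracked GRE to one remote IP reaches only the last client that connected. The addresses, Call IDs and names are constructed, and keying tracked GRE on the PPTP Call ID is an assumption about how a PPTP-aware NAT helper tells sessions apart.

```python
"""Toy model of a NAT reply table (constructed example, not a real router)."""

SERVER = "198.51.100.7"                     # constructed remote VPN endpoint
CLIENTS = [("192.168.1.10", 1001),          # (LAN IP, PPTP Call ID), constructed
           ("192.168.1.11", 1002)]


class Nat:
    def __init__(self, track_gre_call_id):
        self.track_gre_call_id = track_gre_call_id
        self.table = {}                     # reply key -> LAN client IP

    def _key(self, proto, remote_ip, ident):
        # TCP/UDP replies are told apart by port. GRE has no ports, so
        # without a helper the only usable key is (protocol, remote peer).
        if proto == "gre" and not self.track_gre_call_id:
            ident = None
        return (proto, remote_ip, ident)

    def outbound(self, lan_ip, proto, remote_ip, ident):
        """Record the mapping; return the client whose entry was overwritten."""
        key = self._key(proto, remote_ip, ident)
        previous = self.table.get(key)
        self.table[key] = lan_ip
        return previous if previous != lan_ip else None

    def inbound(self, proto, remote_ip, ident):
        """Return the LAN client a reply is forwarded to, or None if dropped."""
        return self.table.get(self._key(proto, remote_ip, ident))


def simulate(track_gre_call_id):
    """Bring up both clients, then see where each session's replies land."""
    nat = Nat(track_gre_call_id)
    evicted = [nat.outbound(ip, "gre", SERVER, cid) for ip, cid in CLIENTS]
    delivered = [nat.inbound("gre", SERVER, cid) for _, cid in CLIENTS]
    return evicted, delivered


if __name__ == "__main__":
    for track in (False, True):
        evicted, delivered = simulate(track)
        print(f"track_gre_call_id={track}: evicted={evicted} delivered={delivered}")
```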
Well, they will have a single static IP from their ISP and the local network will use 192.168.x.x IPs so natting is required, right? If so, then is there a way to turn on GRE tracking so that multiple sessions can be created to the same IP address?
That was my first suggestion but Mike (my friend) didn’t know if Xerox would allow that or not. He’s still checking up on it.
Mez
-edit-
I talked to Mike some more tonight and he said that Xerox will not provide support or guarantee compatibility for any type of hardware/router based VPN solution. They will only support the Nortel VPN Client installed on each workstation.
So I ask again, is there any way to turn on GRE tracking or whatever is required to maintain multiple VPN tunnels to the same IP address?