# TS Multiple logins using multiple VPN's out



## hylander001 (Oct 18, 2010)

We have numerous users who log in to a Terminal server. On this terminal server we have set up our client connections, which include every type of VPN connection imaginable: Cisco, Citrix, Windows VPN, Nortel, and various web interfaces; complete this off with a majority of direct RDP connections.
Server configuration - Server 2008, 2 NICs
My dilemma is: if user 1 logs in on the incoming NIC and opens a Citrix VPN connection which is mapped out the outgoing NIC, all is fine until user 2 logs in and wants to open a simple RDP connection, which fails because Citrix is hogging the IP.
Is there some way to make this work, setting up multiple VMs and controlling it that way?
Any help greatly appreciated and I am willing to communicate further info if required.
Thanks


----------



## Wand3r3r (Sep 17, 2010)

"Citrix is hogging the ip"

How did you come to this conclusion? Your DHCP scope should be large enough for all IP assignments needed. Citrix does not control DHCP/IP assignments.

Usually you would have a VPN server or VPN firewall which a client authenticates to, then you log on to a TS/RDP session. Part of your issue, considering VPN clients tend to create exclusive tunnels, is that you are trying to do too much with one box.

Some of the client software you are loading, Cisco for example, doesn't belong on the server. It is client software. You use client software to connect to a running VPN server. It would be a security and bandwidth nightmare if you were allowing clients to VPN into your server to then VPN into someone else's server.


----------



## hylander001 (Oct 18, 2010)

Thanks Wand3r3r, but I think I have not explained well. Our users RDP to the TS server, then they need to be able to select the client site they are going to connect to, which can be either a Cisco connection, RDP, web etc.
95% of our connections are RDP, 5% are some flavor of VPN.
2 NICs on the TS, and we could install VMs for each of our VPN customer connections.
This is one-way: there are no customers connecting, we do the connecting to them.
Basically, how do I have multiple VPNs work on a TS? Set up VMs for each?


----------



## Wand3r3r (Sep 17, 2010)

Each TS/RDP session is a VM so having a vm on top of a vm does not sound like a good idea to me.

I would have to guess with this setup you are just fine with connection doing rdp to the server and then rdp to the client. It is when you use a vpn client you run into issues?


----------



## hylander001 (Oct 18, 2010)

Yes, that is the problem. Example: Mytech1 connects to TSserver and opens an RDP session; Mytech2 connects to TSserver and wants to open a VPN connection. If he does, it will kick the other RDP session off. Is a router that can do NAT able to help here? Or a software appliance like ISA?

Thanks


----------



## djaburg (May 15, 2008)

I would think that your best bet would be to get a good router like a SonicWall and get the Global VPN Client licenses. Doing it that way allows your users to VPN to the network (via the router instead of the server) and then they could connect to the server using their RDP client. Just out of curiosity, do you have terminal server licenses installed on the server or do you only have remote administration enabled?


----------



## hylander001 (Oct 18, 2010)

This will be a new server with min 20 TS licenses. Our current remedy is a machine with remote access enabled; 1 user can log in at a time and use any of the various VPN clients to connect out. This machine has 2 NICs.
Ultimately the new machine would allow numerous TS connections while allowing those users to use any of the various VPNs to connect out, while some of the TS users would be using RDP to connect out.
Thanks


----------



## djaburg (May 15, 2008)

I'd still look at getting a more standardized approach for your VPN instead of using several different kinds. You'll find that a good router based VPN solution will make things more efficient and will reduce the amount of headaches you'll experience. Again, this is just my suggestion, but it is based on more years doing this stuff as it will make me seem old(ish). As you indicated in your most recent post, right now you have a "machine" with remote access enabled, which I will assume is a workstation/desktop or server with no terminal services licensing on it. That would be why you're having the issues you're having since workstations are not designed to have multiple simultaneous users connected and servers without terminal service licenses installed only function in remote admin mode which will allow one, possibly two users at most.


----------



## hylander001 (Oct 18, 2010)

My situation: I have just taken over this position, and I know that standardizing our VPN connections would be best, BUT that said... our current client base that we connect remotely to has been allowed to dictate the connection types and there is no way now to change this. I know the current "machine" is completely inadequate, and this is why I am researching a better method of handling these multiple VPN types from one TS machine. I was hoping that maybe I could set up a TS with 20 licenses and put my remote connection manager on this machine to allow ease of connection information management (as our clients may and do change IP regularly); this would resolve the RDP sessions. I then thought maybe I could set up 5 VMs (XP OS) and install the VPN clients on them. Our techs could connect to the TS, fire up a VM and use it to connect out through a router that could handle NAT, this way not interfering with the other users using RDP from the TS. This would limit our VPN out connections to a max of 5, but oh well, better than what we have right now.
Thanks


----------

