We have a customer - a hotel, using a shared internet connection for staff and guests. We have firewalled hotel network internally from guest network.
However hotel staff working off site need VPN (PPTP) access to their server. Currently PPTP traffic from a single external IP is forwarded to the server. This allows guests to use their own VPNs as well.
Now the staff are mobile and can't restrict their VPN traffic to come from a single external IP. Can anyone recommend the best solution here? If we port forwarded all PPTP to the server the of course this would break guests VPN connections.