diff --git a/server/src/com/cloud/network/NetworkManager.java b/server/src/com/cloud/network/NetworkManager.java
index 958f239bd8a..79b6c30467d 100644
--- a/server/src/com/cloud/network/NetworkManager.java
+++ b/server/src/com/cloud/network/NetworkManager.java
@@ -333,8 +333,9 @@ public interface NetworkManager extends Manager {
 * @param cmd the command specifying the ip address, ip range
 * @return the RemoteAccessVpnVO if successful, null otherwise
 * @throws ConcurrentOperationException
+ * @throws ResourceUnavailableException
 */
- public RemoteAccessVpnVO startRemoteAccessVpn(CreateRemoteAccessVpnCmd cmd) throws ConcurrentOperationException;
+ public RemoteAccessVpnVO startRemoteAccessVpn(CreateRemoteAccessVpnCmd cmd) throws ConcurrentOperationException, ResourceUnavailableException;
 /**
 * Destroy a previously created remote access VPN
diff --git a/server/src/com/cloud/network/NetworkManagerImpl.java b/server/src/com/cloud/network/NetworkManagerImpl.java
index 20f7db82012..ddb4131defa 100755
--- a/server/src/com/cloud/network/NetworkManagerImpl.java
+++ b/server/src/com/cloud/network/NetworkManagerImpl.java
@@ -2657,7 +2657,7 @@ public class NetworkManagerImpl implements NetworkManager, DomainRouterService {
 }
 locked = true;
 vpnVO = new RemoteAccessVpnVO(account.getId(), cmd.getZoneId(), publicIp, range[0], newIpRange, sharedSecret);
- _remoteAccessVpnDao.persist(vpnVO);
+ vpnVO = _remoteAccessVpnDao.persist(vpnVO);
 txn.commit();
 return vpnVO;
 } finally {
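Review bot: The Javadoc in the NetworkManager.java hunk now describes two failure contracts without separating them: `@return the RemoteAccessVpnVO if successful, null otherwise` is kept, and the new `@throws ResourceUnavailableException` tag has no description of when it is thrown. Going by the DomainRouterManagerImpl hunks in this commit, a missing or stopped router and an agent send failure still return null, and only a rejected "users" or "startVpn" command throws; assuming NetworkManagerImpl passes that result through (its body is outside the hunks), the tags could read `@return the RemoteAccessVpnVO if successful, null if no running router is found or the agent cannot be reached` and `@throws ResourceUnavailableException if the router rejects the VPN user or VPN start command`. The same applies to `DomainRouterManager.startRemoteAccessVpn`, which gains the exception in its own hunk and has no Javadoc in the visible lines. The Javadoc block starts above this hunk.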
@@ -2669,7 +2669,7 @@ public class NetworkManagerImpl implements NetworkManager, DomainRouterService {
 @Override @DB
- public RemoteAccessVpnVO startRemoteAccessVpn(CreateRemoteAccessVpnCmd cmd) throws ConcurrentOperationException {
+ public RemoteAccessVpnVO startRemoteAccessVpn(CreateRemoteAccessVpnCmd cmd) throws ConcurrentOperationException, ResourceUnavailableException {
 Long userId = UserContext.current().getUserId();
 Account account = getAccountForApiCommand(cmd.getAccountName(), cmd.getDomainId());
 EventUtils.saveStartedEvent(userId, account.getId(), EventTypes.EVENT_REMOTE_ACCESS_VPN_CREATE, "Creating a Remote Access VPN for account: " + account.getAccountName() + " in zone " + cmd.getZoneId(), cmd.getStartEventId());
diff --git a/server/src/com/cloud/network/router/DomainRouterManager.java b/server/src/com/cloud/network/router/DomainRouterManager.java
index 31886d53a15..e17975e147b 100644
--- a/server/src/com/cloud/network/router/DomainRouterManager.java
+++ b/server/src/com/cloud/network/router/DomainRouterManager.java
@@ -175,7 +175,7 @@ public interface DomainRouterManager extends Manager {
 DomainRouterVO deploy(NetworkConfiguration guestConfig, NetworkOffering offering, DeployDestination dest, Account owner) throws InsufficientCapacityException, ResourceUnavailableException, ConcurrentOperationException;
- RemoteAccessVpnVO startRemoteAccessVpn(RemoteAccessVpnVO vpnVO);
+ RemoteAccessVpnVO startRemoteAccessVpn(RemoteAccessVpnVO vpnVO) throws ResourceUnavailableException;
 boolean addRemoveVpnUsers(RemoteAccessVpnVO vpnVO, List addUsers, List removeUsers);
diff --git a/server/src/com/cloud/network/router/DomainRouterManagerImpl.java b/server/src/com/cloud/network/router/DomainRouterManagerImpl.java
index b32fbd84c6f..aa0987b5929 100644
--- a/server/src/com/cloud/network/router/DomainRouterManagerImpl.java
+++ b/server/src/com/cloud/network/router/DomainRouterManagerImpl.java
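Review bot: In the NetworkManagerImpl hunk, `EventUtils.saveStartedEvent(...)` records the start of the VPN creation and the method can now leave through ResourceUnavailableException, so the audit trail may keep a started event with no matching failure event. The rest of the method body is outside the hunk, so whether the exception path already records a failure and releases whatever the method holds cannot be confirmed from here. If it does not, the call into the router manager should be wrapped so that the failure is recorded before the exception is rethrown, and the method would benefit from a comment such as `// ResourceUnavailableException from the router manager propagates to the API layer; the create event is closed out as failed first`.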
@@ -121,6 +121,7 @@ import com.cloud.network.dao.LoadBalancerDao;
 import com.cloud.network.dao.LoadBalancerVMMapDao;
 import com.cloud.network.dao.NetworkConfigurationDao;
 import com.cloud.network.dao.NetworkRuleConfigDao;
+import com.cloud.network.dao.VpnUserDao;
 import com.cloud.offering.NetworkOffering;
 import com.cloud.offering.NetworkOffering.GuestIpType;
 import com.cloud.offerings.NetworkOfferingVO;
@@ -225,6 +226,7 @@ public class DomainRouterManagerImpl implements DomainRouterManager, VirtualMach
 @Inject GuestOSDao _guestOSDao = null;
 @Inject NetworkManager _networkMgr;
 @Inject VmManager _itMgr;
+ @Inject VpnUserDao _vpnUsersDao;
 long _routerTemplateId = -1;
 int _routerRamSize;
@@ -2124,7 +2126,7 @@ public class DomainRouterManagerImpl implements DomainRouterManager, VirtualMach
 }
 @Override
- public RemoteAccessVpnVO startRemoteAccessVpn(RemoteAccessVpnVO vpnVO) {
+ public RemoteAccessVpnVO startRemoteAccessVpn(RemoteAccessVpnVO vpnVO) throws ResourceUnavailableException {
 DomainRouterVO router = getRouter(vpnVO.getAccountId(), vpnVO.getZoneId());
 if (router == null) {
 s_logger.warn("Failed to start remote access VPN: no router found for account and zone");
@@ -2134,14 +2136,14 @@ public class DomainRouterManagerImpl implements DomainRouterManager, VirtualMach
 s_logger.warn("Failed to start remote access VPN: router not in running state");
 return null;
 }
+ List vpnUsers = _vpnUsersDao.listByAccount(vpnVO.getAccountId());
+ VpnUsersCfgCommand addUsersCmd = new VpnUsersCfgCommand(router.getPrivateIpAddress(), vpnUsers, new ArrayList());
+ RemoteAccessVpnCfgCommand startVpnCmd = new RemoteAccessVpnCfgCommand(true, router.getPrivateIpAddress(), vpnVO.getVpnServerAddress(), vpnVO.getLocalIp(), vpnVO.getIpRange(), vpnVO.getIpsecPresharedKey());
+ Commands cmds = new Commands(OnError.Stop);
+ cmds.addCommand("users", addUsersCmd);
+ cmds.addCommand("startVpn", startVpnCmd);
 try {
- Answer answer = _agentMgr.send(router.getHostId(), new RemoteAccessVpnCfgCommand(true, router.getPrivateIpAddress(), vpnVO.getVpnServerAddress(), vpnVO.getLocalIp(), vpnVO.getIpRange(), vpnVO.getIpsecPresharedKey()));
- if (answer != null && answer.getResult()) {
- return vpnVO;
- } else {
- s_logger.debug("Failed to start remote access VPN: " + answer.getDetails());
- return null;
- }
+ _agentMgr.send(router.getHostId(), cmds);
 } catch (AgentUnavailableException e) {
 s_logger.debug("Failed to start remote access VPN: ", e);
 return null;
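Review bot: The catch block at the end of this hunk still logs at debug level and returns null (`s_logger.debug("Failed to start remote access VPN: ", e); return null;`), while the command failures checked after the try now log at error and throw ResourceUnavailableException. An unreachable agent therefore becomes the quietest failure and reaches the caller as a bare null; raising it to `s_logger.warn("Failed to start remote access VPN: ", e);` and throwing the same exception type would give callers and operators one failure signal. Separately, the batch now carries `vpnVO.getIpsecPresharedKey()` together with the account's VPN user records, so it is worth confirming that the agent layer does not write Commands payloads to its debug log; that code is not visible here. The method starts above the hunk and continues below it.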
@@ -2149,6 +2151,17 @@ public class DomainRouterManagerImpl implements DomainRouterManager, VirtualMach
 s_logger.debug("Failed to start remote access VPN: ", e);
 return null;
 }
+ Answer answer = cmds.getAnswer("users");
+ if (!answer.getResult()) {
+ s_logger.error("Unable to start vpn: unable add users to vpn in zone " + vpnVO.getZoneId() + " for account "+ vpnVO.getAccountId() +" on domR: " + router.getName() + " due to " + answer.getDetails());
+ throw new ResourceUnavailableException("Unable to start vpn: Unable to add users to vpn in zone " + vpnVO.getZoneId() + " for account "+ vpnVO.getAccountId() +" on domR: " + router.getName() + " due to " + answer.getDetails());
+ }
+ answer = cmds.getAnswer("startVpn");
+ if (!answer.getResult()) {
+ s_logger.error("Unable to start vpn in zone " + vpnVO.getZoneId() + " for account "+ vpnVO.getAccountId() +" on domR: " + router.getName() + " due to " + answer.getDetails());
+ throw new ResourceUnavailableException("Unable to start vpn in zone " + vpnVO.getZoneId() + " for account "+ vpnVO.getAccountId() +" on domR: " + router.getName() + " due to " + answer.getDetails());
+ }
+ return vpnVO;
 }
 @Override
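Review bot: `cmds.getAnswer("users")` and `cmds.getAnswer("startVpn")` are dereferenced without a null check, where the code removed in the previous hunk tested `answer != null` first. The Commands class is not shown, so whether getAnswer can return null is an assumption to confirm; if it can, both checks should read `if (answer == null || !answer.getResult())`, with the detail text guarded the same way. Each branch also builds its message twice, and the two copies have already drifted ("unable add users" in the log, "Unable to add users" in the exception); a local `String msg = ...` passed to both `s_logger.error(msg)` and the exception would keep them identical. Because `answer.getDetails()` goes verbatim into the exception message, it should also be confirmed that the router's reply cannot echo command arguments such as the pre-shared key back to the API caller.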