Simultaneous Cisco Client VPN Connections

Posted on 2004-08-05
Medium Priority
Last Modified: 2013-11-16

I have an office using a pix 506 configured to accept Cisco VPN client connections.

I have another office with 5 users.  They are on a workgroup LAN and use DSL service for Internet access.

Is it possible for multiple users in the 5 person office to establish a simultaneous vpn connection to the pix using the Cisco vpn client?

So user 1 connects to the pix via Cisco vpn client, then user 2, and so on.

Or is a vpn concentrator required?
Question by:jimm123
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
LVL 36

Expert Comment

ID: 11730227
Hi jimm123,
Yes it is possible. It will however depend what equipment the other office is using the share the DSL between users. If you are using a normal home (netgear , linksys etc...) DSL router then many of these dont support more that one VPN connection at a time through them.

Author Comment

ID: 11730255
Not sure on the equipment.  Is there any particular router setting or service that would enable / disable multiple vpn connections?
LVL 36

Expert Comment

ID: 11730256
If the router at the other office cannot support multiple VPN sessions then you might want to replace it with a PIX 501. Even if the DSL is PPOE or dynamic IP address you can still have a site-to-site VPN by configuring the remote site to work as an easyvpn client
Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

LVL 36

Accepted Solution

grblades earned 500 total points
ID: 11730280
If the router supports VPN sessions then there will typically be an option for 'IPSEC passthru' which you need to turn on. You will need to look at the manual to see if it supports multiple sessions. Alternativly just try it. If it does not support multiple sessions the 1st user will be kicked off the VPN when the second user connects.

Author Comment

ID: 11730345
grblades, thanks for the info.
I was hoping to avoid using a pix for a 5 person office (cost reasons)
When discussing this option with the DSL provider I should inquire if the provided router supports multiple VPN connections and/or IPSEC pasthru?
LVL 36

Expert Comment

ID: 11730782
It will have to support IPSEC passthru. It is a case if whether it supports a single passthru connection only or multiple ones.
I know that some of the D-Link support multiple passthru and Linksys normally only support one.
LVL 79

Expert Comment

ID: 11731487
Generally, the lower end broadband routers only support one VPN tunnel at a time with the Passthrough option.

You can get a Linksys VPN broadband router for ~$100 and setup a lan-lan VPn tunnel to the PIX and none of them have to use the VPN client.
LVL 36

Expert Comment

ID: 11737081
Personally I would not use one of these home products in a commercial enviroment. My first home router was a SMC Barricade 7004br and this would repeatedly crash if you had lots of connections going through it. My second is a Linksys BEFSX41 and the initial release of firmware would not connect to a ftp server if the last octet of the ip address was over 127. It took them a few revisions and over 6 months to get VPN working.
There is not much profit in most of these home routers so the companies don't spend a lot of time and money testing them and so if you get a newly released model be prepared for software bugs.

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…
Suggested Courses

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question