Solved

Multiple Cisco VPN clients thru Cable router

Posted on 2004-08-12
8
918 Views
Last Modified: 2008-03-17
I am trying to allow three people to access a Cisco PIX firewall via Cisco VPN client 4.02. They are connected to the internet via Charter Cable High Speed Internet and a Motorolla modem with a Dlink DI604 router. One person at a time can connect fine. Once the second user tries to connect the currently logged in user will be bumped off with a 433 error. I am trying to figure out if this is a limitation of the client or either of the routers or the ISP???? Any info would be greatly helpful. Thanks.
No one has been able to assist me with this problem and Cisco wants $420.00 to maybe or maybe not solve the problem.
0
Comment
Question by:obtech
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 36

Accepted Solution

by:
grblades earned 500 total points
Comment Utility
Hi obtech,
It is a limitation of the D-Link router. Most routers only support a single IPSEC passthru connection. Some of the newer D-Link VPN router support multiple sessions.
0
 
LVL 15

Expert Comment

by:Yan_west
Comment Utility
You cannot do this, I had the same problem with a Watchguard SOHO firewall, you can only connect one client at a time. The way to fix this would be to buy a second vpn router on your side, and make a permanent tunnel between the 2 locations. After this, you would be able to have unlimited connection from 1 site to another.
0
 

Author Comment

by:obtech
Comment Utility
Ok, I am getting conflicting reports from the two feedback recieved. Do you think I can use a different router to allow this??? I have tried a different VPN router (DI804HV). Still had same problem. The problem is that I am connecting to another companies router who does not want this company to create a tunnel. Would rather have them use the client instead of connecting all users on that comapnies network. Any insight???? Thanks for the comments.

0
 
LVL 36

Expert Comment

by:grblades
Comment Utility
This D-Link product specifically states that it supports multiple VPN pasthru sessions
http://www.d-link.com/products/?pid=6

I don't understand what you mean by your last comment. The other comany wants you to setup lots of client to LAN VPN sessions instead of using LAN-LAN VPN?
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 

Author Comment

by:obtech
Comment Utility
grblades,

Yes as messed up as this sounds they would like to have only the three clients on the remote network that need access to their software. They do not want the other 7 in the office to see their network. I am going to give the DI624 a try and see. Will let you know on Monday. Again, thanks so much for your help...
0
 
LVL 3

Expert Comment

by:snoopy13
Comment Utility
Hi,

I can assure you that this works fine, what you need to look at is the Pix does is support client vpn connection on port TCP 10000 (or any random TCP port) I think the latest version of software may support this. The main problem is usnig UDP behing a NAT service and you have one client connected, when you try to connect the second client the trafffic cannot determine where to go as it already has a connection going through and therefore the second client will not get the response back. I have installed this solution several times over the only difference is that the VPN at the head end is a concentrator which supports client connections on TCP as well as UDP.
0
 

Author Comment

by:obtech
Comment Utility
Snoopy13,

Does this mean that I can have more than one a a time...need a total of three clients. Would guess I would setup the PIX to allow connections on TCP 10000, 10001, 10002??? Does this sound correct? Trying to understand your feedback.
Thanks
0
 
LVL 3

Expert Comment

by:snoopy13
Comment Utility
No if the Pix will support clients connections on TCP all you will have to do is configure your client to use TCP 10000 instead of udp 500. I have to admit having looked on the Cisco web site and I cannot find any details of the Pix supporting this. I have been told by another engineer that the new software on the Pix would support this. If I find anymore detail I will post hem on here.
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

When you connect to your workplace's VPN, you may not notice that you are using your workplace's servers to serve up webpages.  This might be undesirable since the workplace can log all the places you've been.  It also might be very slow to load pag…
This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now