?
Solved

Multiple Cisco VPN clients thru Cable router

Posted on 2004-08-12
8
Medium Priority
?
926 Views
Last Modified: 2008-03-17
I am trying to allow three people to access a Cisco PIX firewall via Cisco VPN client 4.02. They are connected to the internet via Charter Cable High Speed Internet and a Motorolla modem with a Dlink DI604 router. One person at a time can connect fine. Once the second user tries to connect the currently logged in user will be bumped off with a 433 error. I am trying to figure out if this is a limitation of the client or either of the routers or the ISP???? Any info would be greatly helpful. Thanks.
No one has been able to assist me with this problem and Cisco wants $420.00 to maybe or maybe not solve the problem.
0
Comment
Question by:obtech
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 36

Accepted Solution

by:
grblades earned 1500 total points
ID: 11785923
Hi obtech,
It is a limitation of the D-Link router. Most routers only support a single IPSEC passthru connection. Some of the newer D-Link VPN router support multiple sessions.
0
 
LVL 15

Expert Comment

by:Yan_west
ID: 11786259
You cannot do this, I had the same problem with a Watchguard SOHO firewall, you can only connect one client at a time. The way to fix this would be to buy a second vpn router on your side, and make a permanent tunnel between the 2 locations. After this, you would be able to have unlimited connection from 1 site to another.
0
 

Author Comment

by:obtech
ID: 11792581
Ok, I am getting conflicting reports from the two feedback recieved. Do you think I can use a different router to allow this??? I have tried a different VPN router (DI804HV). Still had same problem. The problem is that I am connecting to another companies router who does not want this company to create a tunnel. Would rather have them use the client instead of connecting all users on that comapnies network. Any insight???? Thanks for the comments.

0
Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

 
LVL 36

Expert Comment

by:grblades
ID: 11792736
This D-Link product specifically states that it supports multiple VPN pasthru sessions
http://www.d-link.com/products/?pid=6

I don't understand what you mean by your last comment. The other comany wants you to setup lots of client to LAN VPN sessions instead of using LAN-LAN VPN?
0
 

Author Comment

by:obtech
ID: 11794655
grblades,

Yes as messed up as this sounds they would like to have only the three clients on the remote network that need access to their software. They do not want the other 7 in the office to see their network. I am going to give the DI624 a try and see. Will let you know on Monday. Again, thanks so much for your help...
0
 
LVL 3

Expert Comment

by:snoopy13
ID: 11814069
Hi,

I can assure you that this works fine, what you need to look at is the Pix does is support client vpn connection on port TCP 10000 (or any random TCP port) I think the latest version of software may support this. The main problem is usnig UDP behing a NAT service and you have one client connected, when you try to connect the second client the trafffic cannot determine where to go as it already has a connection going through and therefore the second client will not get the response back. I have installed this solution several times over the only difference is that the VPN at the head end is a concentrator which supports client connections on TCP as well as UDP.
0
 

Author Comment

by:obtech
ID: 11814285
Snoopy13,

Does this mean that I can have more than one a a time...need a total of three clients. Would guess I would setup the PIX to allow connections on TCP 10000, 10001, 10002??? Does this sound correct? Trying to understand your feedback.
Thanks
0
 
LVL 3

Expert Comment

by:snoopy13
ID: 11818891
No if the Pix will support clients connections on TCP all you will have to do is configure your client to use TCP 10000 instead of udp 500. I have to admit having looked on the Cisco web site and I cannot find any details of the Pix supporting this. I have been told by another engineer that the new software on the Pix would support this. If I find anymore detail I will post hem on here.
0

Featured Post

Create the perfect environment for any meeting

You might have a modern environment with all sorts of high-tech equipment, but what makes it worthwhile is how you seamlessly bring together the presentation with audio, video and lighting. The ATEN Control System provides integrated control and system automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Like many others, when I created a Windows 2008 RRAS VPN server, I connected via PPTP, and still do, but there are problems that can arise from solely using PPTP.  One particular problem was that the CFO of the company used a Virgin Broadband Wirele…
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question