Multiple Cisco VPN clients thru Cable router

Posted on 2004-08-12
Last Modified: 2008-03-17
I am trying to allow three people to access a Cisco PIX firewall via Cisco VPN client 4.02. They are connected to the internet via Charter Cable High Speed Internet and a Motorolla modem with a Dlink DI604 router. One person at a time can connect fine. Once the second user tries to connect the currently logged in user will be bumped off with a 433 error. I am trying to figure out if this is a limitation of the client or either of the routers or the ISP???? Any info would be greatly helpful. Thanks.
No one has been able to assist me with this problem and Cisco wants $420.00 to maybe or maybe not solve the problem.
Question by:obtech
  • 3
  • 2
  • 2
  • +1
LVL 36

Accepted Solution

grblades earned 500 total points
ID: 11785923
Hi obtech,
It is a limitation of the D-Link router. Most routers only support a single IPSEC passthru connection. Some of the newer D-Link VPN router support multiple sessions.
LVL 15

Expert Comment

ID: 11786259
You cannot do this, I had the same problem with a Watchguard SOHO firewall, you can only connect one client at a time. The way to fix this would be to buy a second vpn router on your side, and make a permanent tunnel between the 2 locations. After this, you would be able to have unlimited connection from 1 site to another.

Author Comment

ID: 11792581
Ok, I am getting conflicting reports from the two feedback recieved. Do you think I can use a different router to allow this??? I have tried a different VPN router (DI804HV). Still had same problem. The problem is that I am connecting to another companies router who does not want this company to create a tunnel. Would rather have them use the client instead of connecting all users on that comapnies network. Any insight???? Thanks for the comments.

LVL 36

Expert Comment

ID: 11792736
This D-Link product specifically states that it supports multiple VPN pasthru sessions

I don't understand what you mean by your last comment. The other comany wants you to setup lots of client to LAN VPN sessions instead of using LAN-LAN VPN?
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.


Author Comment

ID: 11794655

Yes as messed up as this sounds they would like to have only the three clients on the remote network that need access to their software. They do not want the other 7 in the office to see their network. I am going to give the DI624 a try and see. Will let you know on Monday. Again, thanks so much for your help...

Expert Comment

ID: 11814069

I can assure you that this works fine, what you need to look at is the Pix does is support client vpn connection on port TCP 10000 (or any random TCP port) I think the latest version of software may support this. The main problem is usnig UDP behing a NAT service and you have one client connected, when you try to connect the second client the trafffic cannot determine where to go as it already has a connection going through and therefore the second client will not get the response back. I have installed this solution several times over the only difference is that the VPN at the head end is a concentrator which supports client connections on TCP as well as UDP.

Author Comment

ID: 11814285

Does this mean that I can have more than one a a time...need a total of three clients. Would guess I would setup the PIX to allow connections on TCP 10000, 10001, 10002??? Does this sound correct? Trying to understand your feedback.

Expert Comment

ID: 11818891
No if the Pix will support clients connections on TCP all you will have to do is configure your client to use TCP 10000 instead of udp 500. I have to admit having looked on the Cisco web site and I cannot find any details of the Pix supporting this. I have been told by another engineer that the new software on the Pix would support this. If I find anymore detail I will post hem on here.

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
VPN protocal 18 78
Setting up ipSec VPN between ZyXEL routers 3 37
cannot connect to openvpn server 9 60
AWS VPS as AD Server 2 56
When you connect to your workplace's VPN, you may not notice that you are using your workplace's servers to serve up webpages.  This might be undesirable since the workplace can log all the places you've been.  It also might be very slow to load pag…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now