PIX firewall is preventing multiple users behind NAT firewall from VPNing into my network

Posted on 2005-04-05
Medium Priority
Last Modified: 2013-11-16
I have two users that are at the same house behind a Linksys Wireless Router (BEFW11S4). The first user connects to our VPN fine. Once the second one goes to connect, the first one gets disconnected. The first one (who is now disconnected) also cannot connect to our Outlook Web Access (which is accessible outside our VPN) after their VPN is disconnected.

I'm assuming the router is only allowing 1 connection from that IP address?
Question by: periker
LVL 13

Accepted Solution

td_miles earned 200 total points
ID: 13711911
The Linksys router uses a VPN passthru method that only allows a single user to have a VPN passthru at the same time.

I can't find a definitive (Linksys) link to show this, but this guy's site is usually correct:

Don't know about the OWA thing, I'd guess it's because the VPN client on the PC is doing something screwy after being disconnected.

LVL 79

Expert Comment

ID: 13712763
td_miles is correct, the one-at-a-time is a limitation of that router (I have one of those, too, so I speak from experience).
However, make sure this command is in your PIX:
  isakmp nat-traversal 20

If the first user gets disconnected by the router, the client may still be holding on to the DNS information given by the VPN connection. What version client are you using? 4.x is the preferred client. If using XP/SP2, then be sure to use the latest 4.05 or 4.6
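
An added illustration, not part of the thread and not Linksys or Cisco code: a simplified Python model of why passing raw ESP through a home NAT router limits it to one client per VPN peer, while NAT-T (what `isakmp nat-traversal` enables on the PIX) wraps ESP in UDP so each client can be tracked by port. The router behaviour, the names and the addresses are assumptions constructed for the example.

```python
# Simplified model of a home NAPT router (assumed behaviour, not real firmware).
ESP, UDP = 50, 17      # IP protocol numbers
NAT_T_PORT = 4500      # UDP port that carries NAT-T encapsulated ESP

class HomeRouter:
    def __init__(self):
        self.udp_map = {}     # public source port -> (inside_ip, inside_port)
        self.esp_owner = {}   # VPN peer IP -> inside_ip (one slot per peer)
        self.next_port = 40000

    def outbound(self, inside_ip, proto, peer_ip, sport=None):
        """Record state for a packet leaving the LAN; return public port or None."""
        if proto == ESP:
            # ESP has no port field, so the only key available is the peer
            # address: a second client to the same peer replaces the first.
            self.esp_owner[peer_ip] = inside_ip
            return None
        public_port = self.next_port
        self.next_port += 1
        self.udp_map[public_port] = (inside_ip, sport)
        return public_port

    def inbound(self, proto, peer_ip, public_port=None):
        """Return the inside host that receives a packet from the VPN peer."""
        if proto == ESP:
            return self.esp_owner.get(peer_ip)
        entry = self.udp_map.get(public_port)
        return entry[0] if entry else None

def simulate(nat_traversal):
    """Two clients behind one router connect to the same PIX.

    Returns {client: host that actually receives that client's return traffic}.
    All addresses are constructed documentation/private values.
    """
    router, pix = HomeRouter(), "203.0.113.10"
    clients = ["192.168.1.100", "192.168.1.101"]
    proto = UDP if nat_traversal else ESP
    sport = NAT_T_PORT if nat_traversal else None
    # Both clients bring their tunnels up, one after the other.
    ports = {c: router.outbound(c, proto, pix, sport) for c in clients}
    # The PIX then answers each tunnel; see where the router delivers it.
    return {c: router.inbound(proto, pix, ports[c]) for c in clients}

if __name__ == "__main__":
    print("ESP passthrough:", simulate(nat_traversal=False))
    print("NAT-T (UDP 4500):", simulate(nat_traversal=True))
```

In the ESP case the first client's return traffic lands on the second client, which matches the disconnect described in the question; with NAT-T each client keeps its own mapping.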


Question has a verified solution.
