Cisco VPN Client V4.6.02.011 multiple VPN connections from one PC to mutiple PIX 501's

Can we have more than one VPN outgoing session using CISCO VPN Client to multiple locations?  It seems that we have to disconnect one to connect to another.  I could not find anything on the net about this.
LVL 1
ort11Asked:
Who is Participating?
 
lrmooreConnect With a Mentor Commented:
Just to make sure I understand your issue...
You have a client PC with Cisco VPN software on the inside of your PIX FW.
You want this one PC to connect (VPN) to a remote site - and that works now?
Then you want this same PC to connect to yet another site, without dropping the existing connection to the first site?
The Cisco VPN client will not allow you to have more than one connection at a time. Period.
Nor will the Cisco VPN client allow you to make one connection to a remote site and 'share' that connection with the rest of the network.
0
 
lrmooreCommented:
Yes. Simply add this line to the PIX config:
    isakmp nat-traversal 20
0
 
magicommincConnect With a Mentor Commented:
I don't think you can have multiple con-current VPN connections from one PC, at least Cisco VPN adaptor (automatic created after install VPN client software) doesn't allow you to have multiple VPN sessions at same time. If I understand correct, nat-traversal will allow IPSec traffic travers NAT equipment, such as the case: multiple VPN clients with one external (NATed) IP.
0
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

 
ender78Commented:
This is done for security reasons, you do not want to be able to bridge two network together.  What are you trying to accomplish?  Knowing this we may be able to offer a different solution.
0
 
ort11Author Commented:
Thanks for the responses.  We want to do just what I asked.  Once PC VPN logged into >1 remote VPN device.  These are all security protected, so the issue about security reasons is kinda mute (at least in our case).  Checkpoint VPN Client allowed for us to do this.  We may have to allow the remote user (in this case a home user) to install another 501 and to point to point vpns so that all of their connects are available at the same time.

This is more for convienece than anything else, but clients are asking for it since they had it with the other VPN softwre.

Also, I don't think that this is a PIX firewall issue?  I think that this is a Client VPN Issue?  PIX Configs already have the     isakmp nat-traversal 20


Thanks
0
 
ort11Author Commented:
Hi:

The later is correct.  There is a REMOTE (behind any sort of frewall / router) using CISCO VPN CLIENT on a PC trying to connect to more than one remote 501 at a time.

That is what I expected, but just wanted to make sure.  The last software the we had (Checkpoint VPN Client) could connet to > 1 remote checkpoint at a time.  I really don't see wht CISCO does not allow this, since the remote connections are under security anyway.  A user has to log out of one to get to another.  Remote retail managers, as well as other situations would make this alot easier.

Now that this is deturmned.  Is there any other way for a PC remote client to connect to multiple 501's via VPN?

Should I ask this in another thread?

Also, I just read my first entry, it could have been a bit clearer.....:-(   thanks for the responses.

thanks
0
 
lrmooreCommented:
There is a solution, which I am currently using to connect to multiple remote PIX firewalls simultaneously, while retaining the VPN client capability to connect to yet another remote VPN concentrator for quick VPn sessions.
I have a VPN capable Linksys router connected to my cable modem. I set up several permanent VPN connections to several different remote sites. If I need to connect temporarily to yet another site, I still have my VPN client on my desktop avialable to connect, do my thing, then disconnect - all without losing my connections to the other PIX's. Right this minute, I have drives mapped across VPN to one PIX, and a term server session to another site behind another PIX...
0
 
ort11Author Commented:
This is cool, can you post / send the details on the Linksys model and the exact type of Point-to-Point VPNs you are seeting up to the PIX?

Thanks
0
 
lrmooreCommented:
I have Linksys WRV54G
3DES - MD5 static connections to PIX.
Same PIX config as if it is a tunnel to another PIX
0
 
ort11Author Commented:
Very nice.  I will try it out soon.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.