Solved

Cisco VPN Client V4.6.02.011 multiple VPN connections from one PC to multiple PIX 501's

Posted on 2005-04-14
Last Modified: 2008-03-04
Can we have more than one VPN outgoing session using CISCO VPN Client to multiple locations?  It seems that we have to disconnect one to connect to another.  I could not find anything on the net about this.
Question by:ort11
10 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 13787140
Yes. Simply add this line to the PIX config:
    isakmp nat-traversal 20
0
 
LVL 6

Assisted Solution

by:magicomminc
magicomminc earned 240 total points
ID: 13787246
I don't think you can have multiple concurrent VPN connections from one PC; at least the Cisco VPN adaptor (automatically created after installing the VPN client software) doesn't allow you to have multiple VPN sessions at the same time. If I understand correctly, nat-traversal will allow IPSec traffic to traverse NAT equipment, such as in the case of multiple VPN clients with one external (NATed) IP.
0
 
LVL 1

Expert Comment

by:ender78
ID: 13787626
This is done for security reasons; you do not want to be able to bridge two networks together.  What are you trying to accomplish?  Knowing this we may be able to offer a different solution.
0
 
LVL 1

Author Comment

by:ort11
ID: 13790132
Thanks for the responses.  We want to do just what I asked.  One PC VPN logged into >1 remote VPN device.  These are all security protected, so the issue about security reasons is kinda moot (at least in our case).  Checkpoint VPN Client allowed for us to do this.  We may have to allow the remote user (in this case a home user) to install another 501 and do point-to-point VPNs so that all of their connections are available at the same time.

This is more for convenience than anything else, but clients are asking for it since they had it with the other VPN software.

Also, I don't think that this is a PIX firewall issue?  I think that this is a Client VPN issue?  PIX configs already have the isakmp nat-traversal 20 line.


Thanks
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 260 total points
ID: 13790190
Just to make sure I understand your issue...
You have a client PC with Cisco VPN software on the inside of your PIX FW.
You want this one PC to connect (VPN) to a remote site - and that works now?
Then you want this same PC to connect to yet another site, without dropping the existing connection to the first site?
The Cisco VPN client will not allow you to have more than one connection at a time. Period.
Nor will the Cisco VPN client allow you to make one connection to a remote site and 'share' that connection with the rest of the network.
0
 
LVL 1

Author Comment

by:ort11
ID: 13790276
Hi:

The latter is correct.  There is a REMOTE (behind any sort of firewall / router) using CISCO VPN CLIENT on a PC trying to connect to more than one remote 501 at a time.

That is what I expected, but just wanted to make sure.  The last software that we had (Checkpoint VPN Client) could connect to > 1 remote Checkpoint at a time.  I really don't see why CISCO does not allow this, since the remote connections are under security anyway.  A user has to log out of one to get to another.  Remote retail managers, as well as other situations, would make this a lot easier.

Now that this is determined, is there any other way for a PC remote client to connect to multiple 501's via VPN?

Should I ask this in another thread?

Also, I just read my first entry, it could have been a bit clearer.....:-(   thanks for the responses.

thanks
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 13790357
There is a solution, which I am currently using to connect to multiple remote PIX firewalls simultaneously, while retaining the VPN client capability to connect to yet another remote VPN concentrator for quick VPN sessions.
I have a VPN capable Linksys router connected to my cable modem. I set up several permanent VPN connections to several different remote sites. If I need to connect temporarily to yet another site, I still have my VPN client on my desktop available to connect, do my thing, then disconnect - all without losing my connections to the other PIX's. Right this minute, I have drives mapped across VPN to one PIX, and a term server session to another site behind another PIX...
0
 
LVL 1

Author Comment

by:ort11
ID: 13790507
This is cool, can you post / send the details on the Linksys model and the exact type of Point-to-Point VPNs you are setting up to the PIX?

Thanks
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 13790564
I have Linksys WRV54G
3DES - MD5 static connections to PIX.
Same PIX config as if it is a tunnel to another PIX
0
 
LVL 1

Author Comment

by:ort11
ID: 13790621
Very nice.  I will try it out soon.
0

Question has a verified solution.
