
VPN Concentrator 3015 - Remote connection question

Posted on 2005-04-20
Last Modified: 2010-04-12
hello

Got a problem where we use a Cisco VPN Concentrator 3015 series.
People are fine using it for remote access. But we found a problem today at a client site. We have 2 users connecting through an ADSL 4 port router and one logs on OK, but when the other logs in it logs the other person off.
Looking at the config on the VPN Conc. under-
CONFIGURATION
  TUNNELLING AND SECURITY
      IPSEC
          NAT TRANSPARENCY
It has port 10000 as the TCP port, but none of the checkboxes are checked for IPSEC over TCP and IPSEC over NAT-T
PAT is being used.
Is there a quick fix for this? When connecting on 2 separate ADSL lines it works fine. So I am not sure if it is the Router or the Config of the Concentrator.

Any help welcome

Thanks
Question by:clarkeyi
12 Comments
 
LVL 6

Expert Comment

by:magicomminc
ID: 13826891
You want to enable that "NAT TRANSPARENCY" function at the Cisco concentrator, and also at the VPN client side: under the transport tab, you want to check "enable transparent tunneling" and select "ipsec over UDP (nat/pat)".
Most simple ADSL routers don't understand IPSec well; when you have multiple concurrent IPSec sessions, they can't distinguish one IPSec session from the other, so the second attempt simply kills the first one.
0
 

Author Comment

by:clarkeyi
ID: 13832044
Hello

Thanks for the info. I have just changed this and it stopped the VPN connecting. Took out the option for NAT-T and it worked again.
Is there another step that needs changing here, such as the port number for IPSEC\UDP, and where would the changes need to be made?

Thanks
0
 

Author Comment

by:clarkeyi
ID: 13832476
A bit more info: the Concentrator does not sit behind a firewall, only a router. Does a config change need to be made on the router?

Thanks again!
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 13833991
>We have 2 users connecting through an ADSL 4 port router and one logs on OK, but when the other logs in it logs the other person off.
This is a restriction on the remote 4-port router, not on the concentrator.
It can only handle NAT translation for one tunnel at a time. This is primary behavior of most consumer/SOHO routers.
0
 
LVL 6

Expert Comment

by:magicomminc
ID: 13835596
Have you tried this also: at the VPN client software (not the concentrator), under the transport tab, check "enable transparent tunneling" and select "ipsec over UDP (nat/pat)"?
0
 

Author Comment

by:clarkeyi
ID: 13856754
Hello

Seem to have tried a lot of different configs now but still no joy.
I have found out that the ADSL router is a Zyxel prestige 660HW. Spec of the router is here
http://www.broadbandbuyer.co.uk/Shop/ShopDetail.asp?ShopGroupID=38&CategoryID=80&ProductID=1092

There is the function of
VPN (Virtual Private Network) Features

    * Single-session Virtual Private Network (VPN) Pass-through (IPSec, PPTP)

NAT (Network Address Translation) Features

    * Many-to-One (NAT)
    * One-to-One (Server NAT)
    * Many-to-Many (Multi-NAT)
    * Full Routing (Non-NAT)

Does the single session VPN simply mean it can't be done?

Cheers
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 13857506
>Does the single session VPN simply mean it can't be done?
I'm afraid so. "single session" means just that - it can't handle more than one at a time... However, is this router at the user end, or at your end with the 3015? If it's on your end and you have Full Routing enabled, then you should be OK. If you have any NAT selected, you're in trouble.
0
 

Author Comment

by:clarkeyi
ID: 13858058
Yes, the router is at the client site end and they use NAT. This is the problem. I don't think NAT will work through the router.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 13858087
Yes, that appears to be the problem. Many routers, even the "VPN" type routers that support multiple VPN tunnels, don't always support more than one simultaneous tunnel to the same remote end point.
0
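The behaviour described in the comments above, as an added example that is not part of the original thread: a simplified Python model of a PAT router with single-session IPSec pass-through, showing why two raw ESP tunnels to the same peer collide while UDP-encapsulated tunnels do not. The class, the addresses and the one-entry-per-peer ESP table are assumptions made for illustration, not the ZyXEL firmware's actual logic.

```python
# Constructed model; addresses come from private/documentation ranges.
ESP, UDP = 50, 17                  # IP protocol numbers
CONCENTRATOR = "198.51.100.10"     # constructed address for the VPN peer
NAT_T_PORT = 4500                  # standard UDP port for IPsec NAT-T

class PatRouter:
    def __init__(self, first_port=40000):
        self.udp_map = {}   # public source port -> (inside ip, inside port)
        self.esp_map = {}   # remote peer ip -> inside ip (single-session pass-through)
        self.next_port = first_port

    def outbound(self, inside_ip, proto, peer, sport=None):
        """Record a translation and return the key that return traffic will carry."""
        if proto == UDP:
            for pub, owner in self.udp_map.items():
                if owner == (inside_ip, sport):
                    return pub
            pub = self.next_port            # PAT rewrites the source port
            self.next_port += 1
            self.udp_map[pub] = (inside_ip, sport)
            return pub
        # ESP has no port field, so the peer address is the only key available.
        self.esp_map[peer] = inside_ip      # a second client overwrites the first
        return peer

    def inbound(self, proto, peer, dport=None):
        """Return the inside host that receives a reply from the peer, or None."""
        if proto == UDP:
            owner = self.udp_map.get(dport)
            return owner[0] if owner else None
        return self.esp_map.get(peer)

def simulate(encapsulated):
    """Two clients behind one router tunnel to the same concentrator.
    Returns, per client, the inside host that actually gets its replies."""
    router = PatRouter()
    clients = ["192.168.1.10", "192.168.1.11"]
    proto = UDP if encapsulated else ESP
    keys = {ip: router.outbound(ip, proto, CONCENTRATOR,
                                sport=NAT_T_PORT if encapsulated else None)
            for ip in clients}
    return {ip: router.inbound(proto, CONCENTRATOR,
                               dport=keys[ip] if encapsulated else None)
            for ip in clients}

if __name__ == "__main__":
    print("raw ESP:      ", simulate(False))   # first client's replies are misdelivered
    print("UDP-wrapped:  ", simulate(True))    # each client keeps its own mapping
```

With raw ESP the first client's return traffic is delivered to the second client, which matches the "second login kicks the first off" symptom; with UDP encapsulation each tunnel has its own translated source port.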
 

Author Comment

by:clarkeyi
ID: 13915847
Thanks for your comments - Next question is does anyone know a reasonably priced router to overcome this problem and have more than 1 simultaneous connection to the same site?

Thanks
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 13916696
How about a site-site VPN tunnel? No client software to deal with, no restrictions on the router.
Linksys RV042
Linksys BEFSX4
Cisco PIX501

Any of these will let you set up a LAN-LAN tunnel from the concentrator.

0
 
LVL 79

Expert Comment

by:lrmoore
ID: 14354164
Are you still working on this?
Have you found a solution?
Do you need more information?

This question will be classified as abandoned soon if we don't get some feedback from you.

Can you close out this question? See here for details:
http://www.experts-exchange.com/help.jsp#hs5

Thanks for your attention!
0
