VPN Concentrator 3015 - Remote connection question

Hello

Got a problem where we use a Cisco VPN Concentrator 3015 series.
People are fine using it for remote access. But we found a problem today at a client site. We have 2 users connecting through an ADSL 4 port router and one logs on OK, but when the other logs in it logs the other person off.
Looking at the config on the VPN Conc. under-
CONFIGURATION
  TUNNELLING AND SECURITY
      IPSEC
          NAT TRANSPARENCY
It has port 10000 as the TCP port, but none of the checkboxes are checked for IPSEC over TCP and IPSEC over NAT-T.
PAT is being used.
Is there a quick fix for this? When connecting on 2 separate ADSL lines it works fine. So I am not sure if it is the router or the config of the Concentrator.

Any help welcome

Thanks
clarkeyi Asked:
 
lrmoore Commented:
How about a site-site VPN tunnel? No client software to deal with, no restrictions on the router.
Linksys RV042
Linksys BEFSX4
Cisco PIX501

Any of these will let you set up a LAN-LAN tunnel from the concentrator.

0
 
magicomminc Commented:
You want to enable that "NAT TRANSPARENCY" function at the Cisco concentrator, and also at the VPN client side: under the transport tab, you want to check "enable transparent tunneling" and select "ipsec over UDP (nat/pat)".
Most simple ADSL routers don't understand IPSec well; when you have multiple concurrent IPSec sessions, they can't distinguish one IPSec from the other, so the second attempt simply kills the first one.
0
 
clarkeyi Author Commented:
Hello

Thanks for the info. I have just changed this and it stopped the VPN connecting. Took out the option for NAT-T and it worked again.
Is there another step that needs changing here, such as the port number for IPSEC\UDP, and where would the changes need to be made?

Thanks
0
 
clarkeyi Author Commented:
A bit more info: the Concentrator does not sit behind a firewall, only a router. Does a config change need to be made on the router?

Thanks again!
0
 
lrmoore Commented:
>We have 2 users connecting through an ADSL 4 port router and one logs on OK, but when the other logs in it logs the other person off.
This is a restriction on the remote 4-port router, not on the concentrator.
It can only handle NAT translation for one tunnel at a time. This is primary behavior of most consumer/SOHO routers.
0
 
magicomminc Commented:
Have you tried this also: at the VPN client software (not the concentrator), under the transport tab, check "enable transparent tunneling" and select "ipsec over UDP (nat/pat)"?
0
 
clarkeyi Author Commented:
Hello

Seem to have tried a lot of different configs now but still no joy.
I have found out that the ADSL router is a Zyxel Prestige 660HW. Spec of the router is here:
http://www.broadbandbuyer.co.uk/Shop/ShopDetail.asp?ShopGroupID=38&CategoryID=80&ProductID=1092

There is the function of
VPN (Virtual Private Network) Features

    * Single-session Virtual Private Network (VPN) Pass-through (IPSec, PPTP)

NAT (Network Address Translation) Features

    * Many-to-One (NAT)
    * One-to-One (Server NAT)
    * Many-to-Many (Multi-NAT)
    * Full Routing (Non-NAT)

Does the single session VPN simply mean it can't be done?

Cheers
0
 
lrmoore Commented:
>Does the single session VPN simply mean it can't be done?
I'm afraid so. "single session" means just that - it can't handle more than one at a time... However, is this router at the user end, or at your end with the 3015? If it's on your end and you have Full Routing enabled, then you should be OK. If you have any NAT selected, you're in trouble.
0
 
clarkeyi Author Commented:
Yes, the router is at the client site end and they use NAT. This is the problem. I don't think NAT will work through the router.
0
 
lrmoore Commented:
Yes, that appears to be the problem. Many routers, even the "VPN" type routers that support multiple VPN tunnels don't always support more than one simultaneous tunnel to the same remote end point.  
0
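
Added illustration, not part of the thread and not vendor code: a constructed Python model of why two native-ESP tunnels to the same concentrator collide on a single-session pass-through router, while UDP-encapsulated tunnels (NAT-T on UDP 4500) get separate translation entries. The addresses, the `PatRouter` class and its table layout are assumptions made for the example.

```python
# Constructed model of a PAT translation table (assumed behaviour, not vendor code).
ESP, UDP = 50, 17                     # IP protocol numbers
NAT_T_PORT = 4500                     # standard UDP port for IPsec NAT-T
USER_A, USER_B = "192.168.1.10", "192.168.1.11"   # constructed inside hosts
CONCENTRATOR = "203.0.113.5"                       # constructed public peer


class PatRouter:
    """Assumed behaviour of a router with single-session IPsec pass-through."""

    def __init__(self):
        self.inbound = {}       # return-traffic key -> inside host
        self.flows = {}         # (inside ip, sport, peer, dport) -> WAN port
        self.next_port = 40000

    def send_esp(self, inside_ip, peer):
        # ESP has no port numbers, so the only usable key is (protocol, peer).
        key = (ESP, peer)
        previous = self.inbound.get(key)
        self.inbound[key] = inside_ip
        return previous if previous != inside_ip else None   # evicted host

    def send_udp(self, inside_ip, sport, peer, dport):
        # UDP flows get a unique WAN source port, so return keys never collide.
        flow = (inside_ip, sport, peer, dport)
        if flow not in self.flows:
            self.flows[flow] = self.next_port
            self.next_port += 1
        wan_port = self.flows[flow]
        self.inbound[(UDP, peer, dport, wan_port)] = inside_ip
        return wan_port

    def deliver(self, proto, peer, peer_port=None, wan_port=None):
        # Which inside host receives a packet arriving from the peer?
        key = (ESP, peer) if proto == ESP else (UDP, peer, peer_port, wan_port)
        return self.inbound.get(key)


def native_esp_demo():
    router = PatRouter()
    router.send_esp(USER_A, CONCENTRATOR)
    evicted = router.send_esp(USER_B, CONCENTRATOR)   # second login
    return evicted, router.deliver(ESP, CONCENTRATOR)


def udp_encap_demo(port=NAT_T_PORT):
    router = PatRouter()
    port_a = router.send_udp(USER_A, port, CONCENTRATOR, port)
    port_b = router.send_udp(USER_B, port, CONCENTRATOR, port)
    return (router.deliver(UDP, CONCENTRATOR, port, port_a),
            router.deliver(UDP, CONCENTRATOR, port, port_b))
```
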
 
clarkeyi Author Commented:
Thanks for your comments. Next question is: does anyone know a reasonably priced router to overcome this problem and have more than 1 simultaneous connection to the same site?

Thanks
0
 
lrmoore Commented:
Are you still working on this?
Have you found a solution?
Do you need more information?

This question will be classified as abandoned soon if we don't get some feedback from you.

Can you close out this question? See here for details:
http://www.experts-exchange.com/help.jsp#hs5

Thanks for your attention!
0
Question has a verified solution.