How to allow multiple users in a hotel, using Cisco VPN client software, to connect to the company Cisco VPN Concentrator

I have 10 users at a hotel all using a cisco vpn software client to connnect to the corporate vpn concentrator. The problem is that the concentrator will only allow 1 connection from the same source IP so that means only 1 of the 10 can connect to the corporate network at any given time. How can I set this up so that they can all connect at the same time
Who is Participating?
Jimmy Larsson, CISSP, CEHConnect With a Mentor Network and Security consultantCommented:
If you with "concentrator" mean Cisco 3000-series VPN-concentrator I would suggest you to upgrade to a Cisco ASA-box because the VPN3000 is end of life and end of support. With an ASA you can use SSL-VPN with Cisco Anyconnect client were you wont have problems like these, which exists because of limitations within ipsec in conjunction with nat.

If you enable nat-traversal, it may fix that problem.
It also may be a limitation of the router at the hotel that it can only support only 1 VPN connection to any one endpoint
jffisherAuthor Commented:
Thanks Guys, I will consider the ASA.
LRmoore's solution seams to be dependent on the Hotel network admin which as we know in most cases is not very supportive.
Any other suggestions, ??
Managed Security Services Webinar - March 15

Selecting the right managed security services platform to grow your business can be a huge undertaking. Join WatchGuard and Frost & Sullivan in an upcoming webinar as we dive into the key elements of selecting a vendor platform and partnership to fuel a successful MSSP business.

lrmooreConnect With a Mentor Commented:
Allow NAT-Traversal over TCP as well as over UDP on the concentrator.
It may still be a limitation of the hardware at the hotel.
Agree that SSL based solution such as with the ASA will fix the problem permanently.
Markus BraunCEOCommented:
I dont think the hotel network has anything to do with that. If the concentrator only allows 1 IP per VPN Client then that is it. There is not anything you can do on the hotel side.

Technically, if you would have alot of public IP's at the hotel available you could nat each client to a different outside address, but it is unlikely the hotel has that and it would mean alot of configuration on the hotels router.

For the ASA its the same (instead of the concentrator) if you set it up to only allow 1 IP per client (although i am not sure if the ASA can do that) the result is the same. Effectively its the endpoint that needs to allow more than 1 IP.
jffisherAuthor Commented:
Both good answers.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.