Can't Establish Multiple VPN Sessions from the Same Segment

Status
Not open for further replies.

mmathias

IS-IT--Management
May 12, 2006
4
US
We're using the Cisco VPN Client v 4.8.00.0440 to remotely connect to our Cisco PIX firewall. We can handle lots of sessions, but only one session from a single destination. This manifests itself when multiple employees are, for example, in the same hotel and try to connect simultaneously, or at another office and try to connect simultaneously.

Does anyone know how we can get multiple VPN sessions to work simultaneously with the Cisco VPN client?

Thanks in advance.
 
The only thing I can think of and have seen in the past is when hotels offer two levels of internet access. The first standard method where everyone funnels out one IP address and the more expensive premium method where you can get your own IP routable address. This would then allow multiple connections as each person would have a different peer address.
 
This appears to be happening EVERYWHERE we try to use the VPN client to establish multiple, simultaneous sessions...whether it be in a hotel, home, a substantial business environment...everywhere.

Any other ideas?
 
You need to NAT the addresses of the people connecting. The problem is that once the VPN gets the IP of the first one to connect, it sets up a route for that network in its routing table. If another connects from the same network, the VPN device figures that the original connection has failed and it will rewrite a new route to the new connection and kill the previous one.

If you NAT all source addresses of all your connections, then the VPN will only create routes for those addresses, not taking into consideration the actual IPs of your clients. Your connections will then become one to one. It may end up being difficult to configure, but it should work.
 
Thank you. I've passed the suggestion along to my network people.
 
Zen37 (or others),

Regarding the NATting of the VPN connections, I spoke with my network admin who thought it may have to be done on the client router side rather than on the host router side. Can you please clarify your comment?

If it has to be done on the client side -- and when I'm traveling I have no control over the router in the hotel, for example -- is there another way to address this situation so that multiple members of my company can use the VPN client software simultaneously?

If you're referring to the host router, apparently we are already NATing incoming traffic, so are there some specific settings we need to enable/disable or other areas in which we can look?

Regards,
Mark
 