multiple VPN tunnels using DSL/Cable

Status
Not open for further replies.

ilpadrino

MIS
Feb 14, 2001
416
US
Does anyone know if it's possible to use several VPN clients simultaneously through one public IP provided by DSL or Cable internet service?

The specific equipment I use is a Cisco 3005 VPN Concentrator with its software clients.

So far if I have several machines sharing an internet connection, only one can use the VPN software client. If another tries, it disconnects the first.

Thanks in advance, Joe.
 
You can use many at once, IF you meet the following requirements.
1) You are not firewalled, or if you are it must be a higher end one able to support multiple VPNs through it.
2) Your clients are not all using the same addresses and such. This is just obvious, but sometimes it is set up this way.
If you can say yes to these 2 things you *should* be able to connect several VPNs coming in or going out to a 3005 without a problem. It is generally that the concentrator is behind a firewall, usually a cheap one, that is either forwarding, or passing through the traffic incorrectly. Any PIX, Check Point, or Raptor will do it, there are more, but I have little experience with others that do it. That being said, you generally do not want to firewall your VPN device, since it is better to firewall it once inside your concentrator, or not at all. That is how the firewall VPNs work, they are *outside* the firewall for the most part, and only get firewall protection once the connection is made. So that was a long answer to a short question. I hope it helped some.

EV
 
Our firewall is a 1600 using access lists. When you say the clients are not using the same address, are you talking about their ISP provided address? DSL and Cable give one IP to the router or modem.

The concentrator can have many connections at once, just not more than one from the same location or IP address. The 3002 is an expensive solution that works for us, but for offices with 2 people, it would be nice to use the software clients.

Maybe I'm not making any sense.
 
If I understand this properly, you cannot have multiple VPN clients through a PAT (Port Address Translation). PAT is used when you have 30 devices behind a firewall or like device and they all use 1 IP address to access the outside world. The VPN client doesn't understand the PAT ports coming back.
 
If that is true Arisap, it must depend on the VPN client involved. I know that Nortel's VPN Client can have multiple clients run through PAT (NAT) from one public IP at the same time (at least when you use a LINKSYS Router).
You can even connect to the same Nortel VPN Switch twice from the same public IP.
 
Well I found some options and installed one this week. The one I picked was Nexland's Pro Series device. The other company is Snapgear.

So far I am able to use the Cisco Software VPN client on 2 machines connected to the Nexland device. I say 2 because that's all I need. According to Nexland, there is no limit. So far it has worked - well for 3 days anyway, and I don't foresee any problems.

The Nexland connects to your broadband connection (DSL or cable or whatever) and acts as a router. It has some firewall features and other advanced features not included in common devices like Linksys.

I also have a third machine connected to the cable modem separate from the Nexland, which is able to also use the same internet connection at the same time.

The Nexland cost $145 plus shipping. Thanks for your responses.

Joe.
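
An added illustration, not part of any post in this thread and not any vendor's implementation: a toy model of a PAT gateway showing why a second IPsec client behind one public IP can take over the first client's return traffic when the tunnel is carried as raw ESP (which has no port numbers), and why UDP-encapsulated tunnels can coexist. The single-owner ESP passthrough table, the addresses and the port numbers are assumptions made for the example.

```python
ESP = "esp"   # IP protocol 50: carries no TCP/UDP port numbers
UDP = "udp"


class PatGateway:
    """Toy PAT device with an assumed one-owner-per-peer ESP passthrough."""

    def __init__(self, first_port=20000):
        self.next_port = first_port
        self.by_flow = {}    # (inside_ip, inside_port, remote_ip) -> public port
        self.by_port = {}    # public port -> inside_ip
        self.esp_owner = {}  # remote_ip -> inside_ip (only one entry per peer)

    def outbound(self, proto, inside_ip, remote_ip, inside_port=None):
        """Record an outgoing packet; return its public source port (None for ESP)."""
        if proto == ESP:
            # Nothing to rewrite, so the gateway can only remember the latest sender.
            self.esp_owner[remote_ip] = inside_ip
            return None
        key = (inside_ip, inside_port, remote_ip)
        if key not in self.by_flow:
            self.by_flow[key] = self.next_port
            self.by_port[self.next_port] = inside_ip
            self.next_port += 1
        return self.by_flow[key]

    def inbound(self, proto, remote_ip, public_port=None):
        """Return the inside host that receives a reply, or None if it is dropped."""
        if proto == ESP:
            return self.esp_owner.get(remote_ip)
        return self.by_port.get(public_port)


def simulate(encapsulate_in_udp):
    """Two clients tunnel to one concentrator; map each client to who gets its replies."""
    gw = PatGateway()
    concentrator = "203.0.113.10"               # constructed documentation address
    clients = ["192.168.1.10", "192.168.1.11"]  # constructed inside hosts
    ports = {}
    for c in clients:
        if encapsulate_in_udp:
            # 4500 is an assumed UDP encapsulation port on the client side.
            ports[c] = gw.outbound(UDP, c, concentrator, inside_port=4500)
        else:
            gw.outbound(ESP, c, concentrator)
    if encapsulate_in_udp:
        return {c: gw.inbound(UDP, concentrator, ports[c]) for c in clients}
    # Raw ESP replies carry no port, so both tunnels share the single mapping.
    return {c: gw.inbound(ESP, concentrator) for c in clients}
```

With `simulate(False)` every reply lands on the client that connected last, which matches the "second client disconnects the first" symptom; with `simulate(True)` each client keeps its own return path.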
 