Is it possible to have multiple VPN connections at once?

Unanswered Question
Jun 29th, 2009

Here is the setup. I am working on trying to use ASA's at "jump servers" for remote access to network devices. The idea would be to connect to the ASA via a clientless VPN connection and then connect to the network devices.

My question is this. For working remotely, we connect to the corporate network using the Cisco VPN client. Once connected with the client, would it be possible to create another VPN connection to an ASA internally?

Also, if I were to setup multiple ASA jump servers at different locations (say one in a data center and another in the corporate office), would I be able to connect to both ASA's at the same time if I needed to access devices in both locations?

Thanks.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
robertson.michael Mon, 06/29/2009 - 12:24

Hi Jason,

As far as I know, you will only be able to use the Cisco VPN client to connect to one remote access VPN at a time. You could setup multiple site-to-site VPNs, but this would limit you on mobility and require hardware at the user's end of the connection where the site-to-site tunnels could be terminated.

Hope that helps.

-Mike

xcz504d1114 Mon, 06/29/2009 - 12:36

I think the only way to do this without requiring hardware at your client sites,as the other gentlemen pointed out, is to setup your VPN servers in a hub and spoke configuration, IE they would all have a site0to-site VPN connection back to the Hub, you as a client, could then connect to any of the ASA's (VPN servers) and have access to any of the other remote sites.

Although I'm sure there is a way to run multiple VPN profiles on a single computer, I'm just unaware of it :)

If I were to design it, I would either hub and spoke, or mesh my ASA's in a site-to-site VPN connection, but this only works if you have static IP's at each location. At a minimum you need 1 static IP to act as a hub, if the other ASA's don't have static IP addresses, that severely limits your connections, as the spokes would always have to initiate the connection to the hub.

Craig

jason.williams@... Mon, 06/29/2009 - 12:47

Let me see if I can clear this up. I'm not sure if I explained it all correctly.

I want to setup and use an ASA internally as a jumping off point to connect to our internal network devices. We would connect to the ASA via WebVPN.

The only problem with this is that we don't want to make the ASA accessibly from the Internet.

Currently, we use the Cisco VPN client to connect to our corporate network from outside through a concentrator.

Now, would I be able to first connect to our concentrator with the client, and then create kind of a tunnel-within-a-tunnel and create a connection to the ASA with WebVPN?

Thanks.

Actions

This Discussion