Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.


Unanswered Question
May 23rd, 2002
User Badges:

Here is my situation:

Outside VPN IP: (using ficticious addresses as to not reveal my addresses))

Inside VPN IP:

Outside Trusted network router:

Inside trusted network: 192.1.1.X

IGR using

PIX outside interface

Email server

NAT for browsing Used for VPN clients no NAT

How do I allow more than just two VPN connections? Do I have to have a valid IP address for each client that connects or is thier something I should be doing with NAT here? Clients are connecting to the address than taking an address from the pool that includes Is there a way to hand them off to my trusted network for IP assignment?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
jfrahim Thu, 05/23/2002 - 12:23
User Badges:
  • Cisco Employee,

I am not sure if I am following your topology properly. Can you describe your topology better .. I am not sure how your pix firewall is connected to the VPN, and sure what VPN devices are you using ( 3000 concentrator, 5000 concentrator, pix, IOS )



tmickle Thu, 05/23/2002 - 13:35
User Badges:

I changed all the IP addresses these are all fake but it is the same topology

Hopefully this explains it a bit better:




(IGR) -->



(PIX 515E) --> [OUT INT] [IN INT]







The PIX 515E is running VPN and Firewall services

For the client side I am running Cisco 3.5.1

I am assigning the VPN clients an ip address from a pool of addresses ( Problem is I want to have 10 clients connect to the VPN possibly at the same time on some occasions but only have 3 IP addresses . Do I have to assing each client a seperate IP address or can I do nat or pat or something.

Hope that clears it up


This Discussion