We have a PIX 501 which a customer uses as a VPN end-point to RDP via the Internet to their servers on the inside of the PIX. The VPN works fine and the customer can connect to their server using RDP; however, when a 2nd user connects to the same PIX via the VPN and successfully authenticates, they can't connect to the same server via RDP. The customer has the required licenses on the servers for multiple RDP connections, and when we bypass the VPN all users can access the same server via multiple sessions. My understanding was that the PIX 501 allows 10 concurrent VPN connections, which it seems to, but I'm unsure why only one source IP address can gain access to the server on the inside of the PIX. Could this be a licensing issue?
Cisco PIX Firewall Version 6.3(3)
Cisco PIX Device Manager Version 3.0(1)
Compiled on Wed 13-Aug-03 13:55 by morlee
UKG-Litmus-PIX up 123 days 17 hours
Hardware: PIX-501, 16 MB RAM, CPU Am5x86 133 MHz
Flash E28F640J3 @ 0x3000000, 8MB
BIOS Flash E28F640J3 @ 0xfffd8000, 128KB
0: ethernet0: address is 0009.b74a.b24b, irq 9
1: ethernet1: address is 0009.b74a.b24c, irq 10
Maximum Physical Interfaces: 2
Maximum Interfaces: 2
Cut-through Proxy: Enabled
Inside Hosts: 10
IKE peers: 10
This PIX has a Restricted (R) license.
Here is a snippet of the config showing the VPN setup
Your configuration looks good, and if it works only for one user and not the others over the IPSEC tunnel, I would use the "capture" command on the PIX, do a debug on the packet, and see what the PIX is doing with the RDP requests from the second client. This should point you in the right direction.
Also, to answer your question regarding licensing, one quick way to find this out is to clear the xlates on the PIX 501, have only VPN clients connect to the PIX, and try to access RDP.
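Added example, not part of the thread or any poster's code: one way to read the capture suggested above is to save the `show capture` text and check, per VPN client, whether its TCP SYNs to the RDP port were ever answered. The tcpdump-style line layout, the function name `rdp_handshakes` and every address in the sample are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample (not from the thread), in the tcpdump-style layout assumed
# for text saved from `show capture`; all addresses are made up.
SAMPLE = """\
   1: 10:15:01.100000 10.10.10.1.1045 > 192.168.1.10.3389: S 1000:1000(0) win 64240
   2: 10:15:01.101000 192.168.1.10.3389 > 10.10.10.1.1045: S 5000:5000(0) ack 1001 win 17520
   3: 10:15:01.150000 10.10.10.1.1045 > 192.168.1.10.3389: . ack 5001 win 64240
   4: 10:16:30.200000 10.10.10.2.1051 > 192.168.1.10.3389: S 2000:2000(0) win 64240
   5: 10:16:33.200000 10.10.10.2.1051 > 192.168.1.10.3389: S 2000:2000(0) win 64240
   6: 10:16:39.200000 10.10.10.2.1051 > 192.168.1.10.3389: S 2000:2000(0) win 64240
"""

# "<n>: <time> <src ip>.<port> > <dst ip>.<port>: <flags> ..."
LINE = re.compile(
    r"^\s*\d+:\s+\S+\s+(\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): (\S+)"
)

def rdp_handshakes(text, server, clients=(), port=3389):
    """Map each client IP to (SYN count, status) for TCP opens to server:port."""
    syns = defaultdict(int)   # client -> SYNs sent, retransmissions included
    answered = set()          # clients that got a SYN-ACK back from the server
    for line in text.splitlines():
        m = LINE.match(line)
        if not m or "S" not in m.group(5):
            continue          # not a packet line, or not a SYN / SYN-ACK
        src, sport, dst, dport, _ = m.groups()
        if dst == server and int(dport) == port:
            syns[src] += 1
        elif src == server and int(sport) == port:
            answered.add(dst)
    report = {}
    for client in set(syns) | set(clients):
        if syns[client] == 0:
            status = "no SYN captured"   # nothing from this client at the capture point
        elif client in answered:
            status = "answered"
        else:
            status = "unanswered"        # SYNs seen here, but no SYN-ACK came back
        report[client] = (syns[client], status)
    return report

if __name__ == "__main__":
    for ip, (count, status) in sorted(rdp_handshakes(SAMPLE, "192.168.1.10").items()):
        print(f"{ip}: {count} SYN(s), {status}")
```

Repeated SYNs marked "unanswered" mean the requests reached the capture point but no reply came back, while "no SYN captured" for a client listed in `clients` means its traffic never reached that point.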