I have a 3005 Concentrator which I use to terminate remote access PPTP connections. I have users setup and configured so as to allow 5 concurrent connections. However we seem to have demonstrated that I cannot get more than 1 concurrent connection from the same user/IP address combination. When attempting a 2nd connection the log of the concentrator shows a denial--established connection.Furthermore there seems to be a correlation between the Idle Timeout setting and when this 2nd connection can be established ie.. the user can disconnect the 1st, successful, connection but still needs to wait for what appears to be the idle timeout period (this is just an assumption)before the 2nd connection can successfully be established. Is there a way around this or is the theory/assumtion that the box should never see the same user log in more than once from the same IP address concurrently.
As the VPN tunnel is always created in UDP port 500 after the tunnel is establish traffic is passed in protocol ESP, protocol ESP has no ports and because of this PAT will break. To solve this problem, we need to enable NAT-T (or other transparent tunneling method). Depending on the version your concentrator is running (Administration | Software Update | Concentrator), you may enable NAT-T going to Configuration | System | Tunneling protocols | IPSec | NAT-T. Following link may help you
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...