Connecting 2 users to a 3030 via a Linksys BEFSR41
Scenario: Husband/Wife work for same company. Company has a VPN 3030 box. They each have their own laptop with VPN Client code 3.6.1 for Windows (using Win2K). Each also have their own id.
Husband connects first, using his laptop, successfully to 3030...wife tries next, connecting using her laptop to the same 3030. When she does, husband's connection drops and she can get on. This seems to occur most likely because linksys is doing NAT'ing and VPN 3030 see's same Linksys address come on and drops first one.
Question: How can I fix this ?? We have many 'happily' married couples in our company! What does work is if one points their client to one VPN 3030 and the other points their client to a backup 3030, then they both get on successfully.
Re: Connecting 2 users to a 3030 via a Linksys BEFSR41
I attempted this, and ran into something interesting. The PC trying to connect used to kick the 1st one right off its VPN connection. Now, the 1st stays connected, but the second PC, the user cannot authenticate. It keeps asking for the user password.
This is the case if on the VPN client under Properties|General tab Enable Transparent Tunneling is not checked.
If you want multiple clients behind the Linksys check on Enable Transparent
Tunneling and also either check UDP or TCP.
With NAT-T over UDP the Linksys will use source port 4500 for the 1st client,
then choose another source port for the 2nd client and so on....
You can verify which source ports the Linksys used by checking the connection detail on the VPN 3000 Administration Sessions and drilling down on the tunnel, for the IPSec session.
Fot NAT over TCP it's basically the same thing. The clients generates a random source port, the Linksys will use this port or genrates a new source port to connenct to the VPN 3000 destinatination(ie. 1000 by defautl).
In either case, firewalls in between will need to allow UDP=4500, TCP=1000 (or any other port you defined).
It's the NAT device that has to generate a new source port (UDP/TCP) for
multiple connections to be identifiable by the headend VPN 3000.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :