Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
218
Views
0
Helpful
1
Replies

Multiple nodes behind VPN client

apwalsh
Level 1
Level 1

‎06-21-2006 07:55 AM - edited ‎02-21-2020 02:29 PM

We have remote offices connect to our PIX515E using a VPN client without a problem. We would like several machines from thoese remote locations to connect to resources on our LAN using the VPN client connection already establsihed by a Windows XP machine. Can we use ICS on Windows XP to accomplish this, or is it possible to use several VPN clients on the several machines we want to have connected. The machines at these locations are all behind a NAT device.

We are trying to accomplish this without a hardware investment, although if that is the only way, we will purchase what is needed.

Thank You

Labels:
0 Helpful
1 Reply 1

pkapoor
Level 3
Level 3

‎06-22-2006 05:15 AM

You will need to install a VPN client on each machine that needs to access your LAN resources at the central site.

Since there are several machines behind a NAT device (at each remote site), it is most likely that you are doing a many-to-one NAT on the NAT device i.e. NATing all inside PCs to one public IP. In such case, do the following.

On the PIX-515E, enter the command "isakmp nat-t".

Then if there is any filtering being done in between the PIX-515E and the PCs running the VPN client (EXCEPT for the PIX-515E ACLs), make sure that the following protocol and ports are open.

1. Protocol ESP (50)

2. UDP/500

3. UDP/4500

That's it.

0 Helpful
Customers Also Viewed These Support Documents