Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
411
Views
0
Helpful
4
Replies

Multiple VPN client users at same location getting dropped

hajoca
Level 1
Level 1

‎07-02-2003 09:29 AM - edited ‎02-21-2020 12:38 PM

Many of our users connect using the Cisco VPN client to our VPN concentrator. We have discovered that if one remote user is connected to the VPN via a shared DSL connection and a second user tries to connect out the same DSL connection, the first user gets dropped. When that user reconnects, the other user gets dropped, and so on it goes. Is there a way multiple users at a single location can connect simultaneously using the VPN client?

Labels:
0 Helpful
4 Replies 4

gfullage
Cisco Employee
Cisco Employee

‎07-03-2003 10:41 PM

Enable the NAT Transparency (Trnaparent Tunnelling) feature on the client, either in UDP or TCP. Enable it on the concentrator also either under the Group IPSec parameters (for UDP) or under Config - System - Tunnelling Protocols - IPSec - NAT Transparency (for TCP).

Actually if you're using 3.6 client and concentrator (or higher) versions, then just enable "IPSec over NAT-T" on the concentrator (same screen as above) and the client and concentrator will automatically use NAT Transparency only when necessary, which is when they're going through a NAT device.

The problem here is that the DSL modem you're going through is not handling the NAT'ing of the different VPN connections properly. If you use NAT-T or the UDP/TCP tunnelling feature, the IPSec packets will be encapsulated in UDP/TCP packets which the DSL router should be able to NAT correctly.

0 Helpful

elijah.savage
Level 1
Level 1
In response to gfullage

‎07-04-2003 10:22 AM

Good try but none of this worked for us and what I think the problem is might be his firewall on the dsl connections. Most folks go out and buy one of these linksys/cisco type devices and it does not support more than 1 ipsec tunnel through it. What we had to do was get all of our users to get Nexland Pro series routers it was the only one at the time that would allow multiple ipsec passthrough tunnels. But now I hear the dlink routers also support this.

0 Helpful

hajoca
Level 1
Level 1
In response to elijah.savage

‎07-09-2003 08:57 AM

Since most of our DSL users have linksys style routers, that explains a lot. I suppose there is no way around that. Thanks for your help.

0 Helpful

elijah.savage
Level 1
Level 1
In response to hajoca

‎07-10-2003 07:53 PM

Trying flashing your router with linksys latest frimware if you have ver 2.2 of the device or later. I just spoke with a linksys engineer about this and you need ver 2.2 or later of the hardware and the latest firmware version fixes this.

Good Luck

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents