Our company uses the 3015 VPN concentrator to allow users access from unsecure locations.
We also have several small sites that use either DSL or Cable modems to connect to the internet.
We are having a problem with sites trying to use mutliple vpn connections at the same time.
Could someone please provide the reason why multiple vpns cannot be connected from behind a dsl or cable modem.
Are there DSL or cable modems that allow for mutliple connections?
I have not run into this problem, but what I have done at small remote locations is create a VPN tunnel from PIX to the VPN Concentrator. That way there is only one tunnel for the site and all user traffic from the remote site will pass through that tunnel.
thx for reply,
These sites are so small, that mngmt is not willing to put in another device to setup a vpn connection.
The VPN's should still work. Are there any firewalls or Access List on the main site? Are the cable and DSL routers yours or the ISP's. I have run into a few ISP that enable port filtering on their routers and don't tell their customers. If you are using ISP equiptment, you may check and see if they are doing any port filtering.
Sorry , I may not have been clear...
I can get a single VPN connection to work, but when a second person tries to connect, they will error out or disconnect the first vpn connection.
Most sites had the ISP supply the DSL or Cable modem
I have this problem at home with my cable modem, I have full control of the device. I can only use 1 vpn connection at a time.
This is a known issue, I had some documentation describing the problem.
I can't find it now, I think it is in the Cisco knowledge base , I just haven't come across it.
I've checked the firewall and access list, I don't see that as the problem.
As I recall, the DSL or Cablem modems just can't handle more than one VPN/IPSEC connection at a time.
This was around 2 years ago, so I'm wondering if new DSL/Cable modems can handle more VPN connections now.
Again, thx for the help!
We ran into the same issue. Hosts behind a 3com lan modem, only one host could connect using pptp. The reply I got back when I posted our problem on the forum said the problem was because pptp uses GRE /TCP. We have solved the issue at another site (different firewall though) by using the cisco ipsec client with ipsec over udp enabled.
(I do have a couple queries though about our experience though. Would it have worked if we replaced our 3015 with a Windows VPN server? The 3com lan modem specifically allows pptp traffic then why would it allow only one?)
Most of the vendors out there supports only 1 ipsec connection (Linksys, GNet). If assume you are using that kind of box because you have more than one user (computer) at remote office. The easiest way to do multiple ipsec tunnels would be to put harware VPN box ...
The "problem" you describe here isn't really a problem at all, just the way things work. Take a look at using Nat Traversal or Transparent NAT on your VPN Concentrator along with the Cisco VPN client software. That might fix your problem.