03-26-2003 11:55 AM - edited 02-21-2020 12:26 PM
Our company uses the 3015 VPN concentrator to allow users access from unsecure locations.
We also have several small sites that use either DSL or Cable modems to connect to the internet.
We are having a problem with sites trying to use mutliple vpn connections at the same time.
Could someone please provide the reason why multiple vpns cannot be connected from behind a dsl or cable modem.
Are there DSL or cable modems that allow for mutliple connections?
thx,
cris
03-26-2003 12:00 PM
I have not run into this problem, but what I have done at small remote locations is create a VPN tunnel from PIX to the VPN Concentrator. That way there is only one tunnel for the site and all user traffic from the remote site will pass through that tunnel.
03-26-2003 12:40 PM
thx for reply,
These sites are so small, that mngmt is not willing to put in another device to setup a vpn connection.
thx again!
cris
03-26-2003 12:48 PM
The VPN's should still work. Are there any firewalls or Access List on the main site? Are the cable and DSL routers yours or the ISP's. I have run into a few ISP that enable port filtering on their routers and don't tell their customers. If you are using ISP equiptment, you may check and see if they are doing any port filtering.
03-26-2003 01:04 PM
Sorry , I may not have been clear...
I can get a single VPN connection to work, but when a second person tries to connect, they will error out or disconnect the first vpn connection.
Most sites had the ISP supply the DSL or Cable modem
I have this problem at home with my cable modem, I have full control of the device. I can only use 1 vpn connection at a time.
This is a known issue, I had some documentation describing the problem.
I can't find it now, I think it is in the Cisco knowledge base , I just haven't come across it.
I've checked the firewall and access list, I don't see that as the problem.
As I recall, the DSL or Cablem modems just can't handle more than one VPN/IPSEC connection at a time.
This was around 2 years ago, so I'm wondering if new DSL/Cable modems can handle more VPN connections now.
Again, thx for the help!
Cris
03-27-2003 12:35 AM
DSL routers can't handle NAT/PAT. You need to use IPSEC over TCP. Supported in VPN Code 3.6.
03-27-2003 04:38 AM
Thx,
I'll givee that a try!
cris
03-27-2003 03:14 AM
Hi
We ran into the same issue. Hosts behind a 3com lan modem, only one host could connect using pptp. The reply I got back when I posted our problem on the forum said the problem was because pptp uses GRE /TCP. We have solved the issue at another site (different firewall though) by using the cisco ipsec client with ipsec over udp enabled.
Norman
(I do have a couple queries though about our experience though. Would it have worked if we replaced our 3015 with a Windows VPN server? The 3com lan modem specifically allows pptp traffic then why would it allow only one?)
03-27-2003 04:55 AM
Hi,
Most of the vendors out there supports only 1 ipsec connection (Linksys, GNet). If assume you are using that kind of box because you have more than one user (computer) at remote office. The easiest way to do multiple ipsec tunnels would be to put harware VPN box ...
Dominic
03-27-2003 08:18 PM
Cris,
The "problem" you describe here isn't really a problem at all, just the way things work. Take a look at using Nat Traversal or Transparent NAT on your VPN Concentrator along with the Cisco VPN client software. That might fix your problem.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide