Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
246
Views
0
Helpful
2
Replies

Only one dynamic connection at one time possible

mkoenig
Level 1
Level 1

‎09-05-2003 02:17 AM - edited ‎03-09-2019 04:40 AM

Hello,

I configured a dynamical VPN connection to another company and it works pretty well.

But if another person wants to connect at the same time from another PC over the same dynamic connection - the connection to our company breaks down.

So only one person at one time can be connected to us.

The other company uses the VPN Client 4.0 on an XP Home PC's and I configured an object group on our pix 6.3.1.

Here is my configuration:

name 10.0.0.20 as400_is

ip local pool dyn-vpn-lok-as400 10.3.1.1-10.3.1.9

crypto ipsec transform-set high-des esp-3des esp-sha-hmac

crypto dynamic-map dyn-vpn 10 set transform-set high-des

crypto map VPN 20 ipsec-isakmp dynamic dyn-vpn

isakmp key **** address 0.0.0.0 netmask 0.0.0.0

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption 3des

isakmp policy 10 hash sha

isakmp policy 10 group 2

isakmp policy 10 lifetime 1800

isakmp client configuration address-pool local dyn-vpn-lok-as400 outside

vpngroup lokomo address-pool dyn-vpn-lok-as400

vpngroup lokomo idle-time 1800

vpngroup lokomo password ********

object-group network dyn-lok

network-object host 10.3.1.1

network-object host 10.3.1.2

network-object host 10.3.1.3

network-object host 10.3.1.4

network-object host 10.3.1.5

network-object host 10.3.1.6

network-object host 10.3.1.7

network-object host 10.3.1.8

network-object host 10.3.1.9

access-list lokomotion permit ip object-group dyn-lok host as400_is

access-list no_nat permit ip host as400_is object-group dyn-lok

Thank you for help

Kind regards

M. Koenig

Labels:
0 Helpful
2 Replies 2

jsivulka
Level 5
Level 5

‎09-11-2003 11:12 AM

I could not quiet understand what you meant by "connect over the same dynamic connection". If you are looking for a setup where the PIX is configured for Dynamic-to-Static IPSec (Site-to-Site) while parallely capable of accepting client connections, please see the configuration at http://www.cisco.com/warp/public/110/dynamicpix.html.

0 Helpful

mkoenig
Level 1
Level 1
In response to jsivulka

‎09-12-2003 04:26 AM

Hello,

thank you for your reply and hint.

It is mostly the thing I need. The only difference is

that I will use routers with dhcp assignet adresses.

M. König

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents