Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Only one dynamic connection at one time possible

Hello,

I configured a dynamical VPN connection to another company and it works pretty well.

But if another person wants to connect at the same time from another PC over the same dynamic connection - the connection to our company breaks down.

So only one person at one time can be connected to us.

The other company uses the VPN Client 4.0 on an XP Home PC's and I configured an object group on our pix 6.3.1.

Here is my configuration:

name 10.0.0.20 as400_is

ip local pool dyn-vpn-lok-as400 10.3.1.1-10.3.1.9

crypto ipsec transform-set high-des esp-3des esp-sha-hmac

crypto dynamic-map dyn-vpn 10 set transform-set high-des

crypto map VPN 20 ipsec-isakmp dynamic dyn-vpn

isakmp key **** address 0.0.0.0 netmask 0.0.0.0

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption 3des

isakmp policy 10 hash sha

isakmp policy 10 group 2

isakmp policy 10 lifetime 1800

isakmp client configuration address-pool local dyn-vpn-lok-as400 outside

vpngroup lokomo address-pool dyn-vpn-lok-as400

vpngroup lokomo idle-time 1800

vpngroup lokomo password ********

object-group network dyn-lok

network-object host 10.3.1.1

network-object host 10.3.1.2

network-object host 10.3.1.3

network-object host 10.3.1.4

network-object host 10.3.1.5

network-object host 10.3.1.6

network-object host 10.3.1.7

network-object host 10.3.1.8

network-object host 10.3.1.9

access-list lokomotion permit ip object-group dyn-lok host as400_is

access-list no_nat permit ip host as400_is object-group dyn-lok

Thank you for help

Kind regards

M. Koenig

2 REPLIES
Bronze

Re: Only one dynamic connection at one time possible

I could not quiet understand what you meant by "connect over the same dynamic connection". If you are looking for a setup where the PIX is configured for Dynamic-to-Static IPSec (Site-to-Site) while parallely capable of accepting client connections, please see the configuration at http://www.cisco.com/warp/public/110/dynamicpix.html.

New Member

Re: Only one dynamic connection at one time possible

Hello,

thank you for your reply and hint.

It is mostly the thing I need. The only difference is

that I will use routers with dhcp assignet adresses.

M. König

98
Views
0
Helpful
2
Replies