Simultaneous user error.

mvandeberg
Level 1

I have a VPN user profile on my 3000 concentrator. This user is set for only 1 concurrent login. The problem is, if someone else tries to connect to the concentrator with the same user and credentials, it will kick the original connection off, and let the second one create a tunnel. Shouldn't it be the other way around? What if I have a legitimate user tunneled in, and a hacker connects and creates a tunnel?

Thanks in advance,

Mike

2 Replies

gfullage
Cisco Employee

It should be the other way around, yes.

Are these two users tunnelling in from behind the same device doing PAT? If so then this may be your problem, not the concurrent user limit. Some PAT devices can't handle PAT'ing IPSec traffic because it's not TCP or UDP based, and so they'll just send the packets through. The 3000 receives a new tunnel request from what it thinks is the same VPN client (because the source IP address is the same), so it drops the first tunnel.

You should enable Transparent Tunnelling either with UDP or TCP so the IPSec packets are encapsulated into TCP/UDP packets, then the PAT device should be able to handle it properly.

Yes, they were coming from the same IP, so your explanation would make sense... Thanks!
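
The behaviour described in the answer above, as an added example that is not part of the original thread and is not Cisco code: a simplified Python model of two clients behind one PAT device, first with raw ESP and then with UDP encapsulation. The addresses, client names, port numbers and the rule that the concentrator keys a tunnel on the observed source (address, port) are assumptions made for illustration.

```python
from itertools import count

PUBLIC_IP = "203.0.113.10"   # constructed address (documentation range)
ESP, UDP = 50, 17            # IP protocol numbers


class PatDevice:
    """Rewrites outbound sources to one shared public address."""

    def __init__(self):
        self._pool = count(40000)    # assumed pool of translated ports
        self._map = {}               # (inside ip, inside port) -> public port

    def translate(self, proto, src_ip, src_port=None):
        if proto == ESP:
            # ESP carries no port field, so the device has nothing to
            # multiplex on: only the source address changes.
            return (PUBLIC_IP, None)
        key = (src_ip, src_port)
        if key not in self._map:
            self._map[key] = next(self._pool)
        return (PUBLIC_IP, self._map[key])


class Concentrator:
    """Assumed model: one tunnel per observed peer; a new request from a
    peer it already knows replaces that peer's existing tunnel."""

    def __init__(self):
        self.tunnels = {}            # observed peer -> client label

    def connect(self, peer, client):
        dropped = self.tunnels.pop(peer, None)
        self.tunnels[peer] = client
        return dropped


def simulate(proto):
    """Return (clients whose tunnel was dropped, tunnels left up)."""
    pat, vpn = PatDevice(), Concentrator()
    clients = [("10.0.0.5", "client-A"), ("10.0.0.6", "client-B")]  # constructed
    dropped = []
    for ip, name in clients:
        port = 1025 if proto == UDP else None    # constructed source port
        victim = vpn.connect(pat.translate(proto, ip, port), name)
        if victim:
            dropped.append(victim)
    return dropped, len(vpn.tunnels)


if __name__ == "__main__":
    print("raw ESP :", simulate(ESP))
    print("over UDP:", simulate(UDP))
```

With raw ESP both clients reach the concentrator as the same peer and the second request displaces the first; with UDP encapsulation the PAT device assigns each client its own source port and both tunnels stay up.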
