01-29-2004 10:05 AM - edited 03-09-2019 06:16 AM
I have a VPN user profile on my 3000 concentrator. This user is set for only 1 concurrent login. The problem is, if someone else tries to connect to the concentrator with the same user and credentials, it will kick the original connection off, and let the second one create a tunnel. Shouldn't it be the other way around? What if I have a legitimate user tunneled in, and a hacker connects and creates a tunnel?
Thanks in advance,
Mike
01-29-2004 04:14 PM
It should be the other way around, yes.
Are these two users tunnelling in from behind the same device doing PAT? If so then this may be your problem, not the concurrent user limit. Some PAT devices can't handle PAT'ing IPSec traffic because it's not TCP or UDP based, and so they'll just send the packets through. The 3000 receives a new tunnel request from what it thinks is the same VPN client (because the source IP address is the same), so it drops the first tunnel.
You should enable Transparent Tunnelling either with UDP or TCP so the IPSec packets are encapsulated into TCP/UDP packets, then the PAT device should be able to handle it properly.
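A simplified model of the behaviour described in the reply above, added here as an illustration; it is not code from the thread or from Cisco. The addresses, port 10000, the `PatDevice` class and the rule that the head end keys peers on source IP (plus port when UDP-encapsulated) are assumptions.

```python
import socket
import struct

ESP, UDP = 50, 17  # IP protocol numbers

def packet(src, dst, proto, sport=0, dport=0):
    """Minimal IPv4 header (checksum left at 0) plus an ESP or UDP header."""
    if proto == ESP:
        body = struct.pack("!II", 0x1000, 1)          # SPI, sequence number
    else:
        body = struct.pack("!HHHH", sport, dport, 8, 0)
    head = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return head + body

class PatDevice:
    """Simplified PAT: always rewrites the source IP, but can only remap ports."""
    def __init__(self, public_ip):
        self.public_ip, self.next_port, self.table = public_ip, 40000, {}

    def translate(self, pkt):
        out = bytearray(pkt)
        out[12:16] = socket.inet_aton(self.public_ip)
        if pkt[9] == UDP:                              # ESP has no port to remap
            key = (pkt[12:16], pkt[20:22])
            if key not in self.table:
                self.table[key] = self.next_port
                self.next_port += 1
            out[20:22] = struct.pack("!H", self.table[key])
        return bytes(out)

def peer_key(pkt):
    """What the VPN head end in this model uses to tell clients apart."""
    src = socket.inet_ntoa(pkt[12:16])
    port = struct.unpack("!H", pkt[20:22])[0] if pkt[9] == UDP else None
    return (src, port)

def surviving_tunnels(proto):
    # Constructed sample: two inside clients behind one public address.
    pat, tunnels = PatDevice("203.0.113.5"), {}
    clients = [("client-A", "192.168.1.10"), ("client-B", "192.168.1.11")]
    for name, ip in clients:
        pkt = pat.translate(packet(ip, "198.51.100.1", proto, 10000, 10000))
        tunnels[peer_key(pkt)] = name   # same key: new request replaces old tunnel
    return sorted(tunnels.values())

if __name__ == "__main__":
    print("raw ESP:", surviving_tunnels(ESP))
    print("UDP encapsulated:", surviving_tunnels(UDP))
```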
01-30-2004 06:20 AM
Yes, they were coming from the same IP, so your explanation would make sense... Thanks!