Cisco Support Community
New Member

Simultaneous user error.

I have a VPN user profile on my 3000 concentrator. This user is set for only 1 concurrent login. The problem is, if someone else tries to connect to the concentrator with the same user and credentials, it will kick the original connection off, and let the second one create a tunnel. Shouldn't it be the other way around? What if I have a legitimate user tunneled in, and a hacker connects and creates a tunnel?

Thanks in advance,

Mike

2 REPLIES
Cisco Employee

Re: Simultaneous user error.

It should be the other way around, yes.

Are these two users tunnelling in from behind the same device doing PAT? If so then this may be your problem, not the concurrent user limit. Some PAT devices can't handle PAT'ing IPSec traffic because it's not TCP or UDP based, and so they'll just send the packets through. The 3000 receives a new tunnel request from what it thinks is the same VPN client (because the source IP address is the same), so it drops the first tunnel.

You should enable Transparent Tunnelling either with UDP or TCP so the IPSec packets are encapsulated into TCP/UDP packets, then the PAT device should be able to handle it properly.
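The behaviour described in the reply above, as an added example that is not part of the original thread and is not Cisco's implementation: a simplified Python model in which the PAT device can only rewrite ports for UDP/TCP, and the head end replaces a tunnel when a new request arrives from a peer it already knows. The class names, addresses and ports are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str                # "ESP" (no port fields) or "UDP" (encapsulated IPSec)
    src_ip: str
    src_port: Optional[int]   # None for ESP
    client: str               # label used only to report which tunnel was dropped

class PatDevice:
    """Toy PAT: always rewrites the source IP, rewrites ports only when they exist."""
    def __init__(self, public_ip, first_port=20000):
        self.public_ip, self.next_port, self.table = public_ip, first_port, {}

    def translate(self, pkt):
        if pkt.src_port is None:
            # No port to multiplex on: the packet goes out with only the address changed.
            return Packet(pkt.proto, self.public_ip, None, pkt.client)
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.table:
            self.table[key] = self.next_port
            self.next_port += 1
        return Packet(pkt.proto, self.public_ip, self.table[key], pkt.client)

class HeadEnd:
    """Toy concentrator: a new request from a known peer replaces the old tunnel."""
    def __init__(self):
        self.tunnels, self.dropped = {}, []

    def connect(self, pkt):
        peer = (pkt.src_ip, pkt.src_port)   # all the head end can see of the client
        if peer in self.tunnels:
            self.dropped.append(self.tunnels[peer])
        self.tunnels[peer] = pkt.client

def simulate(proto):
    """Two inside clients connect through one PAT device; return (live tunnels, dropped)."""
    pat, head_end = PatDevice("203.0.113.10"), HeadEnd()
    port = None if proto == "ESP" else 50000   # constructed local port
    for client, ip in (("client-a", "192.168.1.10"), ("client-b", "192.168.1.11")):
        head_end.connect(pat.translate(Packet(proto, ip, port, client)))
    return len(head_end.tunnels), head_end.dropped

if __name__ == "__main__":
    print("native ESP:      ", simulate("ESP"))   # second client displaces the first
    print("UDP encapsulated:", simulate("UDP"))   # both tunnels stay up
```
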

New Member

Re: Simultaneous user error.

Yes, they were coming from the same IP, so your explanation would make sense... Thanks!
