Now all our PCs are behind a firewall, and we need to use the Cisco VPN client to connect to a Cisco PIX 506E firewall outside the local network. We are using IPSec. The problem is that only one person can connect to the Cisco firewall at a time; if a second person tries to connect, it breaks the first person's connection.
I want to know what I should do to let multiple users connect to the Cisco firewall simultaneously: what options I need to configure on the local firewall, and what I should do to the VPN server (Cisco PIX 506E).
I think the behaviour is rather dependent on the PIX version.
What user authentication is the remote PIX using? I tried this with PIX 6.3 and VPN Client 4.6 and found that the Cisco client from two PCs behind the same source IP does work unless both are using the same username from AD, in which case the first one is OK and the second one gets error 413 due to "simultaneous logins exceeded" from the DC (not reported to the user; it looks to the user like a password failure).
Results were different for VPN Client 3.6: the Cisco client from two PCs behind the same source IP did not work to a PIX or VPN Concentrator; the second connection kicked the first one off.
Currently the version is Cisco PIX Firewall Version 6.3(5), and I am using Cisco VPN Client 4.6.00.0045.
The authentication on PIX is group authentication.
Now we have to static NAT the local machines outside the local firewall to have simultaneous access; it works, but not that well. I still wonder what I should do to the local firewall and the VPN server (PIX).