Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN troubles

Pix 515

ver 6.1(1)

I have remote users that connect via the Cisco VPN Client software.

software ver 3.5

works great!

Our sister company has need to access our Lan via Vpn...

I have set up the remote site with VPN client software on the desktops.

OS for w/s is win2k and nt4.

When one w/s is connected (NT4 or WIN2K)they can view drawings , files.etc

on our LAN. It doesn't matter which one is connected first , if you try to connect the second w/s it times out.

Only one connection at a time.

Remote site has DSL connecting through a Linksys BEFVP41.

They are currently using a site to site vpn between there office and a remote office.

Any suggestions would be appreciated.

New Member

Re: VPN troubles

First, the reason that only one user can connect using a VPN Client. Linksys routers are capable of allowing IPSec to pass through the router to connect to a VPN Gateway such as your PIX Firewall. However, this is limited to a single connection. This isn't an issue with Linksys routers. Rather, it has to do with limitations of the underlying protocols of IKE and IPSec when passing through a Network Address Translation router.

The real question is why don't you establish a LAN-to-LAN VPN connection between the Linksys BEFVP41 router and your PIX Firewall? This way, nobody on the remote LAN would need to use a VPN client and multiple users could concurrently use resources at your location.

Linksys has a knowledge base article on how to connect to Cisco if I remember correctly. You will also need to be running the latest firmware on the linksys router. This does work though. We have three locations using the Linksys BEFVP41 to connect to our PIX 520 Firewall.

New Member

Re: VPN troubles

Thank you for your response!

I have tried to set up a Site-to-Site.

I can get the Tunnel established.

I can ping inside LAN addresses on his end from my PIX

but he cannot get inside my network.

Would it have anything to do with the ACL ?

I used (diffie-hellman) group 1 in the setup is that correct?

It would really help me if you would give me a config for the PIX and your

Linksys. You can make it generic(ip addresses etc.)

I did contact a CCIE and he told me that he didn't think that a site-to-site could be established between the 2.



I forgot to tell you that the remote site has a tunnel established now between 2 linksys routers .

CreatePlease login to create content