07-27-2006 11:16 PM - edited 02-21-2020 02:33 PM
Hi I have a VPN 3015 which serves as a remote access termination point for several customers. My Issue is that one customer requires several similtanous connections to us from users on thier private network which are behind thier firewall which get PAT'd. So when two users from this network try to establish a remote VPN connection to our concentrator only one is allowed and then gets kicked off and replaced when the next remote client connects and so on.
It looks like the concentrator does not recognise these as different hosts due to these hosts using the same source IP.
Can the concentrator support multiple connections from the same (PAT'd) IP source address i.e same source addr different port.
I have tried creating multiple user accounts etc.. but again as soon as a different user from the same remote private network connects it replaces the current users connection.
Hope this makes sense
Thanks in advance.
Colin
07-28-2006 12:40 AM
Correction to above.
Actually once once one remote host is connected. If the second remote host from the same network attempts to connect over PPTP the remote client gets an instant error popup saying "VPN server may be uncontactable or security settings not configured to allow connection" when I check the concentrator event log the corresponding entry shows
"6340 07/28/2006 09:25:12.100 SEV=4 PPTP/33 RPT=57 192.168.1.1
PPTP tunnel for peer 192.168.1.1 denied - already established"
I'll see if I get the same issue using an IPSEC client.
Regards
Colin
07-28-2006 01:13 AM
Hi I have just put an IPSEC client on the remote PC's and that works fine, so it seems the issue is with the PPTP.
Can PPTP be configured on the concentrator to allow these multiple connections or is it just a limitation of the protocol?
Regards
Colin
07-28-2006 06:34 AM
if your clients were behind a pix firewall it could be done with pptp. later versions of pix code now support
fixup pptp. this fixup allows pptp (gre/tcp1723) to be mapped to pat, like ipsec for sometime (ipsec over udp/tcp).
Perhaps your users can install a pix ?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide