VPN 3000 Multiple remote access clients with same IP address?

colin.lynch
Level 4

Hi, I have a VPN 3015 which serves as a remote access termination point for several customers. My issue is that one customer requires several simultaneous connections to us from users on their private network, which are behind their firewall and get PAT'd. So when two users from this network try to establish a remote VPN connection to our concentrator, only one is allowed, and it then gets kicked off and replaced when the next remote client connects, and so on.

It looks like the concentrator does not recognise these as different hosts due to these hosts using the same source IP.

Can the concentrator support multiple connections from the same (PAT'd) source IP address, i.e. same source address, different port?

I have tried creating multiple user accounts etc., but again, as soon as a different user from the same remote private network connects, it replaces the current user's connection.

Hope this makes sense

Thanks in advance.

Colin

3 Replies

colin.lynch
Level 4

Correction to above.

Actually, once one remote host is connected, if the second remote host from the same network attempts to connect over PPTP, the remote client gets an instant error popup saying "VPN server may be uncontactable or security settings not configured to allow connection". When I check the concentrator event log, the corresponding entry shows

"6340 07/28/2006 09:25:12.100 SEV=4 PPTP/33 RPT=57 192.168.1.1

PPTP tunnel for peer 192.168.1.1 denied - already established"

I'll see if I get the same issue using an IPSEC client.

Regards

Colin
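The event quoted in the post above can be used to spot peers that are hitting this limit. The following is an added example, not part of the original posts: a small parser that groups "denied - already established" entries by peer address. The header layout is inferred from the single entry in the thread, and every entry other than 6340 is constructed sample data.

```python
import re
from collections import Counter

# Header layout inferred from the one entry quoted in the thread (assumption):
# <seq> <MM/DD/YYYY> <HH:MM:SS.mmm> SEV=<n> <class>/<id> RPT=<n> [<peer-ip>]
HEADER = re.compile(
    r'^"?(?P<seq>\d+)\s+(?P<date>\d{2}/\d{2}/\d{4})\s+(?P<time>[\d:.]+)\s+'
    r'SEV=(?P<sev>\d+)\s+(?P<event>[A-Z0-9]+/\d+)\s+RPT=(?P<rpt>\d+)'
    r'(?:\s+(?P<peer>\d{1,3}(?:\.\d{1,3}){3}))?\s*$'
)
DENIED = re.compile(r"PPTP tunnel for peer (\S+) denied - already established")

# Entry 6340 is the one quoted in the thread. 6341 and 6342 are constructed,
# and EXAMPLE/0 is a placeholder event class, not a real concentrator event.
SAMPLE = '''\
"6340 07/28/2006 09:25:12.100 SEV=4 PPTP/33 RPT=57 192.168.1.1

PPTP tunnel for peer 192.168.1.1 denied - already established"
6341 07/28/2006 09:25:40.250 SEV=4 PPTP/33 RPT=58 192.168.1.1
PPTP tunnel for peer 192.168.1.1 denied - already established
6342 07/28/2006 09:26:02.000 SEV=5 EXAMPLE/0 RPT=1 192.168.1.9
placeholder event text
'''

def parse_events(text):
    """Yield one dict per entry, joining a header line with its message lines."""
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            if current:
                yield current
            current = dict(m.groupdict(), message="")
        elif line and current is not None:
            # Message text follows the header, possibly after a blank line.
            current["message"] = (current["message"] + " " + line.strip('"')).strip()
    if current:
        yield current

def pptp_collisions(text):
    """Count 'already established' PPTP denials per peer address."""
    hits = Counter()
    for ev in parse_events(text):
        m = DENIED.search(ev["message"])
        if ev["event"] == "PPTP/33" and m:
            hits[m.group(1)] += 1
    return hits
```

A peer address that accumulates several of these denials is a candidate for multiple PPTP clients sharing one translated address, as in this thread.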

colin.lynch
Level 4

Hi, I have just put an IPSEC client on the remote PCs and that works fine, so it seems the issue is with the PPTP.

Can PPTP be configured on the concentrator to allow these multiple connections or is it just a limitation of the protocol?

Regards

Colin

If your clients were behind a PIX firewall, it could be done with PPTP. Later versions of PIX code now support fixup pptp. This fixup allows PPTP (GRE/TCP 1723) to be mapped to PAT, like IPsec has been for some time (IPsec over UDP/TCP).

Perhaps your users can install a PIX?