Cisco870, multiple VPN connection, same originating IP, possible?

Question

I have 2 users that need VPN into the office from the same originating IP. They are not able to connect simultaneously though. Is this a limitation of the Cisco box, or of the Linksys router on site there?

EDIT: Source machines are both using Cisco VPN Client, V5

Maybe some more details on your setup?... Are you using NAT? — xeon, Oct 14 '09 at 19:52
Are they using Cisco VPN clients or Windows/OSX built-in ones? — , Oct 14 '09 at 20:16

score 0 · Accepted Answer · answered Oct 14 '09 at 20:11

0

If the source machines are connecting via a NAT router then standard IPsec VPN's wont work - the ESP protocol used by IPsec doesn't play friendly with NAT's as they use port remapping and ESP doesn't have a concept of ports. An L2TP\IPsec VPN can tunnel multiple concurrent clients through a NAT because it encapsulates the IPSec payload inside a UDP tunnel which does play nicely with NAT environments.

answered Oct 14 '09 at 20:11

Helvick

20,019
4
38
55

The source machines are connecting via consumer Linksys wireless router. – DanBig Oct 14 '09 at 20:24
1

Check with the LinkSys documentation to see if it supports l2tp-nat-passthrough or something that sounds similar. Some consumer NAT routers do and some don't, and even those that do may not be able to support multiple connections to your VPN but it's worth checking. Also as David Collantes indicates the VPN client is important - the Cisco client has much better support for NAT clients than the Microsoft clients (at least up to Vista, not sure if things have improved with Windows7) – Helvick Oct 14 '09 at 20:45

Cisco870, multiple VPN connection, same originating IP, possible?

1 Answers1