Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > New Pix506e and VPN Client software help needed!!!

Reply
Thread Tools

New Pix506e and VPN Client software help needed!!!

 
 
pickjunior@hotmail.com
Guest
Posts: n/a
 
      12-06-2004
Hello folks

I've got a Pix 506e in my main office and have recently established a
smaller office elsewhere. I have installed the vpn client software on
the PC's (W2K Pro) and one pc at a time can connect fine. I'm having an
issue with getting 2 connected at the same time. Is there a way to
allow more than 1 pc to connect? I understand that the office is NAT'd
so both pc's have the same outside IP address...

I'd just like to be able to tell the firewall to allow more than one
connection per IP addy. Is this possible?

 
Reply With Quote
 
 
 
 
Walter Roberson
Guest
Posts: n/a
 
      12-06-2004
In article <(E-Mail Removed). com>,
<(E-Mail Removed)> wrote:
:I've got a Pix 506e in my main office and have recently established a
:smaller office elsewhere. I have installed the vpn client software on
:the PC's (W2K Pro) and one pc at a time can connect fine. I'm having an
:issue with getting 2 connected at the same time. Is there a way to
:allow more than 1 pc to connect? I understand that the office is NAT'd
:so both pc's have the same outside IP address...

:I'd just like to be able to tell the firewall to allow more than one
:connection per IP addy. Is this possible?

To do that, you need PIX 6.3(1) or later, and you have to turn on
isakmp nat-traversal, preferably on both PIXes.

Without isakmp nat-traversal, you cannot do it. The VPN Client software
uses IPSec, which relies in part on packets that use the IP protocol
'ESP'. Not TCP or UDP -port-, but -protocol- (on the same level as
TCP or UDP.) ESP has no concept of ports, so it is not possible to
do PAT (Port Address Translation) on ESP packets in order to be able
to figure out which if the internal systems the ESP reply should go
back to.
--
Aleph sub {Aleph sub null} little, Aleph sub {Aleph sub one} little,
Aleph sub {Aleph sub two} little infinities...
 
Reply With Quote
 
 
 
 
John Smith
Guest
Posts: n/a
 
      12-06-2004
or you could configure a site-to-site vpn tunnel (instead of PC to site).
this means no end user interaction once configured properly and it is also
means the tunnel is (nearly) always up.
although you did not specifically state that you have an ipsec capable
router/firewall at the new site. is this the case?
otherwise you will have to use the aforementioned nat traversal command...

<(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ups.com...
> Hello folks
>
> I've got a Pix 506e in my main office and have recently established a
> smaller office elsewhere. I have installed the vpn client software on
> the PC's (W2K Pro) and one pc at a time can connect fine. I'm having an
> issue with getting 2 connected at the same time. Is there a way to
> allow more than 1 pc to connect? I understand that the office is NAT'd
> so both pc's have the same outside IP address...
>
> I'd just like to be able to tell the firewall to allow more than one
> connection per IP addy. Is this possible?
>



 
Reply With Quote
 
pickjunior@hotmail.com
Guest
Posts: n/a
 
      12-07-2004
Thanks for the suggestions. I've ordered a Cisco 831 to go at the other
end to facilitate the site-to-site vpn

 
Reply With Quote
 
pickjunior@hotmail.com
Guest
Posts: n/a
 
      12-08-2004

http://www.velocityreviews.com/forums/(E-Mail Removed) wrote:
> Thanks for the suggestions. I've ordered a Cisco 831 to go at the

other
> end to facilitate the site-to-site vpn


Will the Cisco 831 be ok with a NAT'd internal IP address, or does it
need a static external IP address?
I'm in a serviced office with a shared connection...

 
Reply With Quote
 
Terry
Guest
Posts: n/a
 
      12-08-2004
I currently have a similar setup with the 506e, and successfully am using
multiple clients logging in at the same time. What you do is set up a group
name and ip pool for each login/user. They will then get their own assigned
IP when they log in.


<(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ups.com...
> Hello folks
>
> I've got a Pix 506e in my main office and have recently established a
> smaller office elsewhere. I have installed the vpn client software on
> the PC's (W2K Pro) and one pc at a time can connect fine. I'm having an
> issue with getting 2 connected at the same time. Is there a way to
> allow more than 1 pc to connect? I understand that the office is NAT'd
> so both pc's have the same outside IP address...
>
> I'd just like to be able to tell the firewall to allow more than one
> connection per IP addy. Is this possible?
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Cisco 1841 and Pix506e VPN aimeruko General Computer Support 0 09-26-2006 07:50 AM
PIX506E VPN/ACL Config Help marcus.bowles@gmail.com Cisco 8 05-08-2006 03:35 PM
XP SP-2 Client VPN Connection thru PIX506E to W2K server Problem Leon Willard Cisco 0 07-01-2005 07:01 PM
PIX506E and VPN and Web Browsing bob Cisco 2 07-26-2004 11:20 PM
VPN Client / PIX506e Ian Sime Cisco 0 01-28-2004 02:14 PM



Advertisments