Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > Cisco VPN Client behind NAT with multiple users

Reply
Thread Tools

Cisco VPN Client behind NAT with multiple users

 
 
gcave@routergod.com
Guest
Posts: n/a
 
      06-21-2005
I need some advise. I have a customer that is using a Cisco VPN client
into their PIX at the main location. At the remote side they have a
Netgear WGT624 router with the latest firmware. When the first user
authenticates it prompts for the password and works great. When the
second user trys to connect he is not even prompted for a password and
is immediately logged in. The second user is authenticated with the
username and password of the first user. If the both users log off and
the second user logs in, he is prompted for his password and all is
well. Since it appears that I each VPN tunnel needs it own global
address, my solution is to order multiple static IP's from my provider
and setup dynamic NAT on a 26xx:

ip nat pool ADDRESSES 12.1.1.1 12.1.1.6 mask 255.255.255.248
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat inside source list 1 pool ADDRESSES
int f0/0
ip nat inside
int s0/0
ip nat outside

I believe this solution will work but is there no other solution I can
implement on my Netgear device? This is not exactly a cheap solution.

Greg

 
Reply With Quote
 
 
 
 
Walter Roberson
Guest
Posts: n/a
 
      06-21-2005
In article <(E-Mail Removed) .com>,
<(E-Mail Removed)> wrote:
:I need some advise. I have a customer that is using a Cisco VPN client
:into their PIX at the main location. At the remote side they have a
:Netgear WGT624 router with the latest firmware. When the first user
:authenticates it prompts for the password and works great. When the
:second user trys to connect he is not even prompted for a password and
:is immediately logged in. The second user is authenticated with the
:username and password of the first user. If the both users log off and
:the second user logs in, he is prompted for his password and all is
:well. Since it appears that I each VPN tunnel needs it own global
:address, my solution is to order multiple static IP's from my provider
:and setup dynamic NAT on a 26xx:

You need "nat traversal". You could try turning it on on
the PIX, isakmp nat-traversal 20
and see if that helps; if not, then it might be time to think
about replacing the Netgear with something that does support NAT-T.
--
Oh, to be a Blobel!
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Re: VPN Client to PIX1 from home OK - VPN Client to PIX1 Fails from behind PIX2 firewall D K Cisco 4 12-04-2006 02:00 PM
Multiple users connecting to 506e behind NAT UltyGodc Cisco 1 06-22-2005 10:06 PM
VPN on PIX can't work with vpn client behind nat Tomi Cisco 3 05-11-2005 11:43 AM
SecuRemote (CP VPN client) behind Cisco Router with NAT enabled Nick Brandson Cisco 1 07-26-2004 10:26 PM
VPN, from nat without VPN to nat with it Allan Wilson Cisco 1 07-05-2004 10:51 PM



Advertisments