Cisco VPN Client behind NAT with multiple users

Discussion in 'Cisco' started by gcave@routergod.com, Jun 21, 2005.

  1. Guest

    I need some advise. I have a customer that is using a Cisco VPN client
    into their PIX at the main location. At the remote side they have a
    Netgear WGT624 router with the latest firmware. When the first user
    authenticates it prompts for the password and works great. When the
    second user trys to connect he is not even prompted for a password and
    is immediately logged in. The second user is authenticated with the
    username and password of the first user. If the both users log off and
    the second user logs in, he is prompted for his password and all is
    well. Since it appears that I each VPN tunnel needs it own global
    address, my solution is to order multiple static IP's from my provider
    and setup dynamic NAT on a 26xx:

    ip nat pool ADDRESSES 12.1.1.1 12.1.1.6 mask 255.255.255.248
    access-list 1 permit 192.168.1.0 0.0.0.255
    ip nat inside source list 1 pool ADDRESSES
    int f0/0
    ip nat inside
    int s0/0
    ip nat outside

    I believe this solution will work but is there no other solution I can
    implement on my Netgear device? This is not exactly a cheap solution.

    Greg
    , Jun 21, 2005
    #1
    1. Advertising

  2. In article <>,
    <> wrote:
    :I need some advise. I have a customer that is using a Cisco VPN client
    :into their PIX at the main location. At the remote side they have a
    :Netgear WGT624 router with the latest firmware. When the first user
    :authenticates it prompts for the password and works great. When the
    :second user trys to connect he is not even prompted for a password and
    :is immediately logged in. The second user is authenticated with the
    :username and password of the first user. If the both users log off and
    :the second user logs in, he is prompted for his password and all is
    :well. Since it appears that I each VPN tunnel needs it own global
    :address, my solution is to order multiple static IP's from my provider
    :and setup dynamic NAT on a 26xx:

    You need "nat traversal". You could try turning it on on
    the PIX, isakmp nat-traversal 20
    and see if that helps; if not, then it might be time to think
    about replacing the Netgear with something that does support NAT-T.
    --
    Oh, to be a Blobel!
    Walter Roberson, Jun 21, 2005
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Nick Brandson
    Replies:
    1
    Views:
    917
    Alan Strassberg
    Jul 26, 2004
  2. Rodney
    Replies:
    3
    Views:
    5,099
    CISCORUBS
    Aug 17, 2004
  3. Tomi
    Replies:
    3
    Views:
    1,928
  4. UltyGodc
    Replies:
    1
    Views:
    401
    Jyri Korhonen
    Jun 22, 2005
  5. D K
    Replies:
    4
    Views:
    454
Loading...

Share This Page