multiple vpn connections from same IP

Discussion in 'Cisco' started by Anubis, Sep 16, 2004.

  1. Anubis

    Anubis Guest

    Hi,

    I got a rather specific question:
    Me and my colleague are connecting to a Cisco VPN server with our
    Cisco VPN clients from different computers in our office network. The
    VPN server, which resides in another country, "receives" our
    connections from the same IP (our xDSL internet connection dynamic IP
    address).
    This seems to work, but only for a few minutes (10 or so). After
    working for a few minutes our connection is "reset by peer".
    Ofcourse this delays our work and we would like to stay connected
    until we disconnect ourselves (like it does when we use different
    internet connections).

    Anyone has any idea how we can solve this?
    Maybe I didn't mention this clearly enough, but we're residing in the
    same network and connecting through a router to the xDSL modem.

    Thanks in advance!

    Kind Regards,
    S.
     
    Anubis, Sep 16, 2004
    #1
    1. Advertising

  2. In article <>,
    Anubis <> wrote:
    :I got a rather specific question:
    :Me and my colleague are connecting to a Cisco VPN server with our
    :Cisco VPN clients from different computers in our office network. The
    :VPN server, which resides in another country, "receives" our
    :connections from the same IP (our xDSL internet connection dynamic IP
    :address).
    :This seems to work, but only for a few minutes (10 or so). After
    :working for a few minutes our connection is "reset by peer".
    :Ofcourse this delays our work and we would like to stay connected
    :until we disconnect ourselves (like it does when we use different
    :internet connections).

    :Anyone has any idea how we can solve this?
    :Maybe I didn't mention this clearly enough, but we're residing in the
    :same network and connecting through a router to the xDSL modem.

    Do the disconnects coincide with other people starting up sessions?
    If so then your problem is that the protocols used for VPNs (AH, ESP, and
    sometimes GRE) do not have 'ports' so it is not possible for your xDSL
    router to figure out -which- internal client to send an incoming AH, ESP,
    or GRE packet to.

    If this is what is happening to you then the solution is to use VPN client
    3.5 or later; use software on the VPN server that is no older than roughly
    the beginning of 2003; configure any filters or firewalls on your xDSL
    router to allow UDP port 4500 in both directions, and to configure the
    VPN server to have "NAT Traversal" enabled. With that all done, the
    VPN client and VPN server will negotiate UDP ports to communicate
    over, and will encapsulate the IPSec packets within UDP. Note that
    as the UDP is dynamically allocated, your filters or firewall must allow
    the dynamic port range through. If your firewall happens to be a
    Cisco PIX then you could have it do that automatically by using
    6.3(2) or later and configuring isakmp nat-traversal 20 -- that will
    tell the PIX to monitor the nat traversal negotiations and automatically
    open the proper ports.

    --
    Warhol's Law: every Usenet user is entitled to his or her very own
    fifteen minutes of flame -- The Squoire
     
    Walter Roberson, Sep 16, 2004
    #2
    1. Advertising

  3. Anubis

    PES Guest

    "Anubis" <> wrote in message
    news:...
    > Hi,
    >
    > I got a rather specific question:
    > Me and my colleague are connecting to a Cisco VPN server with our
    > Cisco VPN clients from different computers in our office network. The
    > VPN server, which resides in another country, "receives" our
    > connections from the same IP (our xDSL internet connection dynamic IP
    > address).
    > This seems to work, but only for a few minutes (10 or so). After
    > working for a few minutes our connection is "reset by peer".
    > Ofcourse this delays our work and we would like to stay connected
    > until we disconnect ourselves (like it does when we use different
    > internet connections).
    >
    > Anyone has any idea how we can solve this?
    > Maybe I didn't mention this clearly enough, but we're residing in the
    > same network and connecting through a router to the xDSL modem.
    >
    > Thanks in advance!
    >
    > Kind Regards,
    > S.


    I ran into something like this once. I found that if the crypto acl
    specified the vpn destination ip of the terminating vpn device, the isakmp
    could not renegotiate as required and would die when its lifetime expired.
     
    PES, Sep 17, 2004
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?UEItZmFu?=

    XP HOME - Multiple Wireless connections at the same time

    =?Utf-8?B?UEItZmFu?=, Nov 4, 2005, in forum: Wireless Networking
    Replies:
    0
    Views:
    530
    =?Utf-8?B?UEItZmFu?=
    Nov 4, 2005
  2. Elise
    Replies:
    6
    Views:
    838
    John Rennie
    May 22, 2004
  3. Scott
    Replies:
    1
    Views:
    609
    Aaron Leonard
    Aug 28, 2004
  4. Joey
    Replies:
    0
    Views:
    753
  5. pasatealinux
    Replies:
    1
    Views:
    2,066
    pasatealinux
    Dec 17, 2007
Loading...

Share This Page