New Pix506e and VPN Client software help needed!!!

Discussion in 'Cisco' started by pickjunior@hotmail.com, Dec 6, 2004.

  1. Guest

    Hello folks

    I've got a Pix 506e in my main office and have recently established a
    smaller office elsewhere. I have installed the vpn client software on
    the PC's (W2K Pro) and one pc at a time can connect fine. I'm having an
    issue with getting 2 connected at the same time. Is there a way to
    allow more than 1 pc to connect? I understand that the office is NAT'd
    so both pc's have the same outside IP address...

    I'd just like to be able to tell the firewall to allow more than one
    connection per IP addy. Is this possible?
     
    , Dec 6, 2004
    #1

  2. In article <>,
    <> wrote:
    :I've got a Pix 506e in my main office and have recently established a
    :smaller office elsewhere. I have installed the vpn client software on
    :the PC's (W2K Pro) and one pc at a time can connect fine. I'm having an
    :issue with getting 2 connected at the same time. Is there a way to
    :allow more than 1 pc to connect? I understand that the office is NAT'd
    :so both pc's have the same outside IP address...

    :I'd just like to be able to tell the firewall to allow more than one
    :connection per IP addy. Is this possible?

    To do that, you need PIX 6.3(1) or later, and you have to turn on
    isakmp nat-traversal, preferably on both PIXes.

    Without isakmp nat-traversal, you cannot do it. The VPN Client software
    uses IPSec, which relies in part on packets that use the IP protocol
    'ESP'. Not TCP or UDP -port-, but -protocol- (on the same level as
    TCP or UDP.) ESP has no concept of ports, so it is not possible to
    do PAT (Port Address Translation) on ESP packets in order to be able
    to figure out which of the internal systems the ESP reply should go
    back to.
    --
    Aleph sub {Aleph sub null} little, Aleph sub {Aleph sub one} little,
    Aleph sub {Aleph sub two} little infinities...
     
    Walter Roberson, Dec 6, 2004
    #2
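
The ESP/PAT problem described in the reply above, as an added example that is not part of the original thread: a toy PAT device that maps replies by port, fed two clients sending raw ESP and then the same clients with ESP wrapped in UDP 4500 (NAT traversal). The `PatDevice` class, the per-peer ESP passthrough behaviour and all addresses are assumptions constructed for illustration.

```python
# Toy model (added example): a PAT device tracking flows by port, and what
# happens to port-less ESP. Addresses and names are constructed for illustration.
from dataclasses import dataclass
from typing import Optional

UDP, ESP = 17, 50        # IP protocol numbers
NAT_T_PORT = 4500        # UDP port carrying ESP when NAT traversal is active

@dataclass(frozen=True)
class Packet:
    proto: int
    src_ip: str
    dst_ip: str
    src_port: Optional[int] = None   # ESP has no port fields
    dst_port: Optional[int] = None

class PatDevice:
    def __init__(self, outside_ip: str):
        self.outside_ip = outside_ip
        self.next_port = 40000
        self.by_port = {}    # (proto, outside port) -> inside host
        self.esp_peer = {}   # remote peer -> inside host (assumed passthrough behaviour)

    def outbound(self, p: Packet) -> Packet:
        if p.src_port is None:
            # Nothing to rewrite except the address: the last inside host
            # to talk to this peer overwrites the previous one.
            self.esp_peer[p.dst_ip] = p.src_ip
            return Packet(p.proto, self.outside_ip, p.dst_ip)
        port, self.next_port = self.next_port, self.next_port + 1
        self.by_port[(p.proto, port)] = p.src_ip
        return Packet(p.proto, self.outside_ip, p.dst_ip, port, p.dst_port)

    def inbound(self, p: Packet) -> Optional[str]:
        """Return the inside host a reply is forwarded to."""
        if p.dst_port is None:
            return self.esp_peer.get(p.src_ip)
        return self.by_port.get((p.proto, p.dst_port))

def replies_delivered(nat_t: bool) -> dict:
    """Map each VPN client to the inside host that actually receives its reply."""
    nat, pix = PatDevice("203.0.113.10"), "198.51.100.1"
    clients = ("192.168.1.11", "192.168.1.12")
    if nat_t:
        sent = {c: nat.outbound(Packet(UDP, c, pix, NAT_T_PORT, NAT_T_PORT)) for c in clients}
    else:
        sent = {c: nat.outbound(Packet(ESP, c, pix)) for c in clients}
    return {c: nat.inbound(Packet(o.proto, pix, nat.outside_ip, o.dst_port, o.src_port))
            for c, o in sent.items()}
```

With `nat_t=False` both clients' replies land on the second client, which matches the "one PC at a time" symptom; with `nat_t=True` each reply returns to its own sender.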

  3. John Smith Guest

    or you could configure a site-to-site vpn tunnel (instead of PC to site).
    this means no end user interaction once configured properly and it also
    means the tunnel is (nearly) always up.
    although you did not specifically state that you have an ipsec capable
    router/firewall at the new site. is this the case?
    otherwise you will have to use the aforementioned nat traversal command...

    <> wrote in message
    news:...
    > Hello folks
    >
    > I've got a Pix 506e in my main office and have recently established a
    > smaller office elsewhere. I have installed the vpn client software on
    > the PC's (W2K Pro) and one pc at a time can connect fine. I'm having an
    > issue with getting 2 connected at the same time. Is there a way to
    > allow more than 1 pc to connect? I understand that the office is NAT'd
    > so both pc's have the same outside IP address...
    >
    > I'd just like to be able to tell the firewall to allow more than one
    > connection per IP addy. Is this possible?
    >
     
    John Smith, Dec 6, 2004
    #3
  4. Guest

    Thanks for the suggestions. I've ordered a Cisco 831 to go at the other
    end to facilitate the site-to-site vpn :)
     
    , Dec 7, 2004
    #4
  5. Guest

    wrote:
    > Thanks for the suggestions. I've ordered a Cisco 831 to go at the other
    > end to facilitate the site-to-site vpn :)


    Will the Cisco 831 be ok with a NAT'd internal IP address, or does it
    need a static external IP address?
    I'm in a serviced office with a shared connection...
     
    , Dec 8, 2004
    #5
  6. Terry Guest

    I currently have a similar setup with the 506e, and successfully am using
    multiple clients logging in at the same time. What you do is set up a group
    name and ip pool for each login/user. They will then get their own assigned
    IP when they log in.


    <> wrote in message
    news:...
    > Hello folks
    >
    > I've got a Pix 506e in my main office and have recently established a
    > smaller office elsewhere. I have installed the vpn client software on
    > the PC's (W2K Pro) and one pc at a time can connect fine. I'm having an
    > issue with getting 2 connected at the same time. Is there a way to
    > allow more than 1 pc to connect? I understand that the office is NAT'd
    > so both pc's have the same outside IP address...
    >
    > I'd just like to be able to tell the firewall to allow more than one
    > connection per IP addy. Is this possible?
    >
     
    Terry, Dec 8, 2004
    #6
