multiple vpn connections from offsite location

kwcity
Level 1

I have offices that we are trying to connect to our main office using Cisco VPN Client ver 4.6. The offsite location has a DSL connection to the Internet and a hub in place to allow for multiple computers. I can only connect one computer at a time in the office back to the Cisco 3000 concentrator. If I try to connect with another computer, the connected computer gets kicked off. I have received the following error message: "secure vpn connection terminated locally by the client: reason 412 the remote peer is no longer responding". Could this be due to the hubs in place?

Westell modems and routers

Hubs connected to modems and routers

Win2k and WinXP on PCs


Richard Burts
Hall of Fame

I am guessing that at the remote offices, where there are multiple client machines going out to the Internet through the DSL, the addresses are being translated from private addresses to a public address. And I guess that all of the private addresses from the clients are being translated to the same outside address (overload or PAT depending on your terminology).

If this is true then what is happening is that the concentrator has an active session with one client and receives a request for a new connection with the same source address. So it stops the first session and begins the new session.

HTH

Rick

We are using default configs on the DSL hardware. We only get one IP from our ISP. Can we make a config change on the concentrator to allow multiple connections, or do we need to focus on the DSL router and setting up PAT? I would think the latter, but I am not that familiar with the concentrator.

Mike

Since an IPSec peer is usually identified by its IP address, I am not sure what could be done to ease this on the concentrator. I think the solution is more likely to be at the remote site.

If you get a single IP address from the provider I am not sure what you could do to translate into multiple addresses. Perhaps there is (or might be provisioned) a device at the remote site through which clients might go and which could be the single peer that the concentrator expects. When I have implemented things similar to your environment we have provisioned a small Cisco router at the remote which is configured to connect with IPSec to the central site. You then configure the concentrator that this connection is a LAN to LAN connection rather than a remote access connection. This successfully accommodates multiple user connections over the single IPSec session.

HTH

Rick
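
The remote-site router described in the last reply could be configured along these lines. This is an added example, not configuration posted by anyone in the thread. It assumes the router terminates the DSL link itself on `Dialer0`; every address, name and the key is a constructed placeholder, and the IKE and IPSec parameters must match whatever the LAN-to-LAN entry on the concentrator is set to.

```cisco
! Constructed example. Placeholders (assumptions, not from the thread):
!   192.168.10.0/24  remote office LAN
!   10.0.0.0/8       networks behind the main office concentrator
!   203.0.113.10     public address of the concentrator
!
! IKE phase 1: the router, not each PC, authenticates to the concentrator
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 5
crypto isakmp key <PRESHARED-KEY> address 203.0.113.10
!
! IKE phase 2 protection for the tunnel
crypto ipsec transform-set L2L-SET esp-aes 256 esp-sha-hmac
!
! Traffic from the office LAN to the main office goes into the tunnel
ip access-list extended VPN-TRAFFIC
 permit ip 192.168.10.0 0.0.0.255 10.0.0.0 0.255.255.255
!
crypto map L2L-MAP 10 ipsec-isakmp
 set peer 203.0.113.10
 set transform-set L2L-SET
 match address VPN-TRAFFIC
!
! Internet-bound traffic is still PATed to the single ISP address;
! tunnel-bound traffic is excluded so it reaches the concentrator
! with its real LAN source address inside the one IPSec session.
ip access-list extended NAT-TRAFFIC
 deny   ip 192.168.10.0 0.0.0.255 10.0.0.0 0.255.255.255
 permit ip 192.168.10.0 0.0.0.255 any
ip nat inside source list NAT-TRAFFIC interface Dialer0 overload
!
interface Dialer0
 ip nat outside
 crypto map L2L-MAP
!
interface Vlan1
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
```

With this in place the PCs no longer run the VPN client; the concentrator sees one peer, and `show crypto isakmp sa` and `show crypto ipsec sa` on the router confirm the single session carrying all of the office's traffic.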