CVPN-3005 --> All works fine except it only allows 1 user to connect

Status
Not open for further replies.

ForumKid

MIS
Dec 21, 2001
122
US
I am having an issue. My group pool is 192.168.2.10-192.168.2.100. It only allows one user to connect. The first user grabs 192.168.2.10. If someone else tries to log in, they grab 192.168.2.10 and it kicks off the user who was logged on first. It happens before the 2nd user even enters the password.

Any ideas?
 
What type of device is this?

PIX? Concentrator?

And any config would be helpful.

Computer/Network Technician
CCNA
 
Concentrator CVPN-3005.

Using a group. The group has 100 simultaneous...weird
 
Well, are they all using the same username/password? Are you trying from the same internet connection to connect with two different clients at the same time?


Network Systems Engineer
CCNA/CQS/CCSP/Infosec
 
Different username/password. The users are connecting from the outside from the same location. So they both come in with the same public IP (internet router), but I cannot see that mattering....
 
Ya, that could matter. I have seen a lot of weird problems with IPsec and NAT in ISP routers; try to upgrade the router at the location you are connecting from.
Also, you could try to make sure you are running NAT traversal/TCP or UDP encapsulation of IPSec on the concentrator.


Network Systems Engineer
CCNA/CQS/CCSP/Infosec
 
Yes, I am running UDP encapsulation of ESP. Very weird. Not sure why someone would want a config to only allow 1 user.
 
Not one user, but why would you have more than one user connecting from behind a broadband router?

Computer/Network Technician
CCNA
 
The users are in location A. The VPN concentrator is in location B. Location A is an office. There are 10 people in that office that use a cable internet connection. They have one router. They all gain access to the internet via the same IP, which is the IP of the router. I think that's pretty standard. Basically all 10 users in location A need to connect to the concentrator in location B.

I'm so lost here!
 
You should do a lan-2-lan tunnel instead from the router to the c3000; if it's a Cisco router it won't be a big problem.


Network Systems Engineer
CCNA/CQS/CCSP/Infosec
 
Yeah, as dopehead said, you should do a site-2-site VPN. This would allow all users to use the VPN.

Computer/Network Technician
CCNA
 
Some more details. If I log in one person from location 1 and one person from location 2, both users stay connected. So it's because there are multiple users coming from the same IP. I set up a lan-to-lan using the public IP, but it basically did the same thing. So I'm not sure that is the root cause. Any ideas?
 
Did you configure a Cisco router to do the lan-2-lan tunnel?


Network Systems Engineer
CCNA/CQS/CCSP/Infosec
 
No. The users are connecting from a Linksys router, not a Cisco router.

I then changed the group in the concentrator from REMOTE ACCESS to LAN-To-LAN. I see the group connecting, but now no users can connect. I am not sure what I am doing wrong. I cannot find any information on this anywhere.
 
That's not how you create a lan-to-lan site on a concentrator, which is why it doesn't work. When doing lan-to-lan you have to configure your Linksys for lan-to-lan and your c3005, and then you don't need the client. Kind of too big an explanation to give you in a message; you should seek some professional help from a local Cisco partner, I think.


Network Systems Engineer
CCNA/CQS/CCSP/Infosec
 
OK. I understand. I have gotten this far, so I think I can get the rest figured out.

Can you just tell me this though. Without LAN-to-LAN, there is NO WAY to have more than 1 user connected from the same remote connection (same public IP)?

Thanks so much.
 
Sure, like I said, you might need to upgrade your router at the remote location or maybe try to enable UDP encapsulation on the VPN 3000.


Network Systems Engineer
CCNA/CQS/CCSP/Infosec
 
Just wanted to say thank you very much.

I made the following change on my concentrator and it fixed my problem.

IPSec over NAT-T: Check to enable IPSec over NAT-T, which detects the need for UDP encapsulation in NAT/PAT environments, using UDP port 4500.

And you thought I needed a Cisco guy to help me :)
 