Cannot establish more than 1 VPN connection

Folks, I have configured the PIX firewall for VPN setup and am using the Cisco VPN client 4.0. However, I am able to tunnel only one connection, meaning if another connection comes in, the existing connection is kicked out.

Do I need to configure anything for multiple access, or is it that my hardware supports only 1 connection? Any help is highly appreciated.

I have given my configuration below.

PIX Version 6.2(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
enable password dP6LztWI/VQ0Swy0 encrypted
passwd qESl5f9ayuCTSGcv encrypted
hostname aspcpix1
domain-name frontline.com.sg
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
fixup protocol domain 53
no names
access-list acl_dmz permit tcp host 10.0.12.242 10.0.11.0 255.255.255.0
access-list acl_dmz permit tcp host 10.0.12.241 10.0.11.0 255.255.255.0
access-list acl_dmz deny ip any any
access-list 200 permit ip 10.0.11.0 255.255.255.0 10.0.99.252 255.255.255.252
pager lines 24
logging on
logging trap informational
logging host inside 192.168.4.251
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto
mtu outside 1500
mtu inside 1500
mtu dmz 1500
ip address outside xxx.xxx.xxx.xxx 255.255.255.192
ip address inside 10.0.11.253 255.255.255.0
ip address dmz 10.0.12.253 255.255.255.240
ip audit name outside info action alarm
ip audit name info1 info action alarm
ip audit interface outside info1
ip audit info action alarm
ip audit attack action alarm
ip local pool vpnppol 10.0.99.253-10.0.99.254
no failover
failover timeout 0:00:00
failover poll 15
failover ip address outside 0.0.0.0
failover ip address inside 0.0.0.0
failover ip address dmz 0.0.0.0
pdm history enable
arp inside 192.168.4.101 0020.7818.362a
arp timeout 14400
global (outside) 1 interface
nat (dmz) 1 10.0.12.243 255.255.255.255 0 0
static (dmz,outside) tcp 203.166.136.31 www 10.0.12.243 8000 netmask 255.255.255.255 0 0
static (dmz,outside) tcp 203.166.136.31 smtp 10.0.12.243 smtp netmask 255.255.255.255 0 0
static (dmz,outside) tcp 203.166.136.31 8000 10.0.12.243 www netmask 255.255.255.255 0 0
static (dmz,outside) tcp 203.166.136.31 pop3 10.0.12.243 pop3 netmask 255.255.255.255 0 0
static (dmz,outside) tcp 203.166.136.31 imap4 10.0.12.243 imap4 netmask 255.255.255.255 0 0
static (dmz,outside) tcp 203.166.136.30 3389 10.0.12.241 3389 netmask 255.255.255.255 0 0
static (dmz,outside) tcp 203.166.136.30 www 10.0.12.241 www netmask 255.255.255.255 0 0
static (dmz,outside) tcp 203.166.136.30 ssh 10.0.12.242 ssh netmask 255.255.255.255 0 0
static (inside,outside) tcp interface ftp 10.0.11.191 ftp netmask 255.255.255.255 0 0
static (inside,dmz) 10.0.11.0 10.0.11.0 netmask 255.255.255.0 0 0
access-group acl_out in interface outside
access-group acl_dmz in interface dmz
route outside 0.0.0.0 0.0.0.0 203.166.136.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 192.168.4.32 255.255.255.255 inside
http 192.168.4.33 255.255.255.255 inside
http 192.168.4.132 255.255.255.255 inside
snmp-server host inside 192.168.4.132
snmp-server host inside 192.168.4.3
snmp-server host inside 192.168.4.5
no snmp-server location
no snmp-server contact
snmp-server community public
snmp-server enable traps
tftp-server inside 192.168.4.3 /aspcpix1-config
floodguard enable
sysopt connection permit-ipsec
no sysopt route dnat
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set myset
crypto map mymap 10 ipsec-isakmp dynamic dynmap
crypto map mymap interface outside
isakmp enable outside
isakmp client configuration address-pool local vpnppol outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup vpngrp address-pool vpnppol
vpngroup vpngrp idle-time 1800
vpngroup vpngrp password ********
telnet 192.168.4.132 255.255.255.255 inside
telnet 192.168.4.32 255.255.255.255 inside
telnet 192.168.4.251 255.255.255.255 inside
telnet 10.0.12.241 255.255.255.255 dmz
telnet 10.0.12.242 255.255.255.255 dmz
telnet timeout 30
ssh 192.168.4.33 255.255.255.255 inside
ssh timeout 60
terminal width 80
Cryptochecksum:22652e21edb479617b7c28400427bfe1

aspcpix1# sh version

Cisco PIX Firewall Version 6.2(2)
Cisco PIX Device Manager Version 2.0(2)

Compiled on Fri 07-Jun-02 17:49 by morlee

aspcpix1 up 43 days 18 hours

Hardware: PIX-515, 64 MB RAM, CPU Pentium 200 MHz
Flash i28F640J5 @ 0x300, 16MB
BIOS Flash AT29C257 @ 0xfffd8000, 32KB

0: ethernet0: address is 0050.54ff.df5c, irq 10
1: ethernet1: address is 0050.54ff.df5d, irq 7
2: ethernet2: address is 00d0.b7be.c091, irq 11
Licensed Features:
Failover: Enabled
VPN-DES: Enabled
VPN-3DES: Disabled
Maximum Interfaces: 6
Cut-through Proxy: Enabled
Guards: Enabled
URL-filtering: Enabled
Inside Hosts: Unlimited
Throughput: Unlimited
IKE peers: Unlimited

Serial Number: 480291727 (0x1ca0ab8f)
Running Activation Key: 0x564b08c8 0x7012d7ff 0xfa11604f 0xb660803d
Configuration last modified by enable_15 at 16:43:22.293 UTC Thu Apr 6 2006
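A check a reviewer might run on the configuration above, added here as an example and not part of the original post: each VPN client is assigned one address from the pool named by its `vpngroup`, so the script counts the addresses in every `ip local pool` range and reports groups whose pool is smaller than the number of simultaneous clients expected. The function names and the `needed` parameter are assumptions of this example; the sample lines are copied from the posted configuration.

```python
import ipaddress
import re

# Constructed sample: the pool and vpngroup lines copied from the posted config.
SAMPLE_CONFIG = """\
ip local pool vpnppol 10.0.99.253-10.0.99.254
isakmp client configuration address-pool local vpnppol outside
vpngroup vpngrp address-pool vpnppol
vpngroup vpngrp idle-time 1800
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
POOL_RE = re.compile(rf"^ip local pool (\S+) {IP}(?:-{IP})?$")
GROUP_RE = re.compile(r"^vpngroup (\S+) address-pool (\S+)$")

def pool_sizes(config):
    """Map pool name -> number of addresses in its 'ip local pool' range."""
    sizes = {}
    for line in config.splitlines():
        m = POOL_RE.match(line.strip())
        if not m:
            continue
        name, first, last = m.group(1), m.group(2), m.group(3) or m.group(2)
        lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
        if hi < lo:
            raise ValueError(f"pool {name}: range end precedes start")
        sizes[name] = hi - lo + 1
    return sizes

def group_capacity(config):
    """Map vpngroup name -> (pool name, address count or None if pool undefined)."""
    sizes = pool_sizes(config)
    out = {}
    for line in config.splitlines():
        m = GROUP_RE.match(line.strip())
        if m:
            out[m.group(1)] = (m.group(2), sizes.get(m.group(2)))
    return out

def report(config, needed):
    """List groups whose pool cannot give `needed` clients an address each."""
    findings = []
    for group, (pool, size) in sorted(group_capacity(config).items()):
        if size is None:
            findings.append(f"{group}: pool {pool} is not defined")
        elif size < needed:
            findings.append(f"{group}: pool {pool} has {size} address(es), fewer than {needed} clients")
    return findings

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_CONFIG, needed=5)))
```
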

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.