Posted by unknown on April 6, 2006, 5:09 am
Folks,
I have configured the PIX firewall for VPN setup and am using the Cisco
VPN client 4.0. However, I am able to tunnel only one
connection, meaning if another connection comes in, the existing
connection is kicked out.
Do I need to configure anything for multiple access, or is it that my
hardware supports only 1 connection? Any help is highly appreciated.
I have given my configuration below.
PIX Version 6.2(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
enable password dP6LztWI/VQ0Swy0 encrypted
passwd qESl5f9ayuCTSGcv encrypted
hostname aspcpix1
domain-name frontline.com.sg
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
fixup protocol domain 53
no names
access-list acl_dmz permit tcp host 10.0.12.242 10.0.11.0 255.255.255.0
access-list acl_dmz permit tcp host 10.0.12.241 10.0.11.0 255.255.255.0
access-list acl_dmz deny ip any any
access-list 200 permit ip 10.0.11.0 255.255.255.0 10.0.99.252 255.255.255.252
pager lines 24
logging on
logging trap informational
logging host inside 192.168.4.251
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto
mtu outside 1500
mtu inside 1500
mtu dmz 1500
ip address outside xxx.xxx.xxx.xxx 255.255.255.192
ip address inside 10.0.11.253 255.255.255.0
ip address dmz 10.0.12.253 255.255.255.240
ip audit name outside info action alarm
ip audit name info1 info action alarm
ip audit interface outside info1
ip audit info action alarm
ip audit attack action alarm
ip local pool vpnppol 10.0.99.253-10.0.99.254
no failover
failover timeout 0:00:00
failover poll 15
failover ip address outside 0.0.0.0
failover ip address inside 0.0.0.0
failover ip address dmz 0.0.0.0
pdm history enable
arp inside 192.168.4.101 0020.7818.362a
arp timeout 14400
global (outside) 1 interface
nat (dmz) 1 10.0.12.243 255.255.255.255 0 0
static (dmz,outside) tcp 203.166.136.31 www 10.0.12.243 8000 netmask 255.255.255.255 0 0
static (dmz,outside) tcp 203.166.136.31 smtp 10.0.12.243 smtp netmask 255.255.255.255 0 0
static (dmz,outside) tcp 203.166.136.31 8000 10.0.12.243 www netmask 255.255.255.255 0 0
static (dmz,outside) tcp 203.166.136.31 pop3 10.0.12.243 pop3 netmask 255.255.255.255 0 0
static (dmz,outside) tcp 203.166.136.31 imap4 10.0.12.243 imap4 netmask 255.255.255.255 0 0
static (dmz,outside) tcp 203.166.136.30 3389 10.0.12.241 3389 netmask 255.255.255.255 0 0
static (dmz,outside) tcp 203.166.136.30 www 10.0.12.241 www netmask 255.255.255.255 0 0
static (dmz,outside) tcp 203.166.136.30 ssh 10.0.12.242 ssh netmask 255.255.255.255 0 0
static (inside,outside) tcp interface ftp 10.0.11.191 ftp netmask 255.255.255.255 0 0
static (inside,dmz) 10.0.11.0 10.0.11.0 netmask 255.255.255.0 0 0
access-group acl_out in interface outside
access-group acl_dmz in interface dmz
route outside 0.0.0.0 0.0.0.0 203.166.136.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 192.168.4.32 255.255.255.255 inside
http 192.168.4.33 255.255.255.255 inside
http 192.168.4.132 255.255.255.255 inside
snmp-server host inside 192.168.4.132
snmp-server host inside 192.168.4.3
snmp-server host inside 192.168.4.5
no snmp-server location
no snmp-server contact
snmp-server community public
snmp-server enable traps
tftp-server inside 192.168.4.3 /aspcpix1-config
floodguard enable
sysopt connection permit-ipsec
no sysopt route dnat
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set myset
crypto map mymap 10 ipsec-isakmp dynamic dynmap
crypto map mymap interface outside
isakmp enable outside
isakmp client configuration address-pool local vpnppol outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup vpngrp address-pool vpnppol
vpngroup vpngrp idle-time 1800
vpngroup vpngrp password ********
telnet 192.168.4.132 255.255.255.255 inside
telnet 192.168.4.32 255.255.255.255 inside
telnet 192.168.4.251 255.255.255.255 inside
telnet 10.0.12.241 255.255.255.255 dmz
telnet 10.0.12.242 255.255.255.255 dmz
telnet timeout 30
ssh 192.168.4.33 255.255.255.255 inside
ssh timeout 60
terminal width 80
Cryptochecksum:22652e21edb479617b7c28400427bfe1
aspcpix1#sh version
aspcpix1# sh version
Cisco PIX Firewall Version 6.2(2)
Cisco PIX Device Manager Version 2.0(2)
Compiled on Fri 07-Jun-02 17:49 by morlee
aspcpix1 up 43 days 18 hours
Hardware: PIX-515, 64 MB RAM, CPU Pentium 200 MHz
Flash i28F640J5 @ 0x300, 16MB
BIOS Flash AT29C257 @ 0xfffd8000, 32KB
0: ethernet0: address is 0050.54ff.df5c, irq 10
1: ethernet1: address is 0050.54ff.df5d, irq 7
2: ethernet2: address is 00d0.b7be.c091, irq 11
Licensed Features:
Failover: Enabled
VPN-DES: Enabled
VPN-3DES: Disabled
Maximum Interfaces: 6
Cut-through Proxy: Enabled
Guards: Enabled
URL-filtering: Enabled
Inside Hosts: Unlimited
Throughput: Unlimited
IKE peers: Unlimited
Serial Number: 480291727 (0x1ca0ab8f)
Running Activation Key: 0x564b08c8 0x7012d7ff 0xfa11604f 0xb660803d
Configuration last modified by enable_15 at 16:43:22.293 UTC Thu Apr 6 2006