If you're using the Cisco VPN client / VPN Server, you can have the client tunnel the traffic over TCP port 10,000 (default port, it can be changed). This allows multiple clients behind any NAT device to use the VPN Server. The NAT router just sees multiple TCP streams, so it's happy. We've used this feature for years with good success. The VPN Server needs to support this feature, we have a Cisco 3060 (3000 series), not sure if the ASA series supports its.
- Carl Oakes California State University Sacramento From: Fishel Erps [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 08, 2008 1:49 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Multiple VPN Connections through home router Lee, Look into the Cisco ASA5505 as a home router/firewall alternative. You may also want to look into using them for LAN-to-LAN VPN Tunneling. That would eliminate the issue of multiple VPN pass-through. Lee H Badman wrote: Is Microsoft VPN, L2TP/IPSec. Lee H. Badman Wireless/Network Engineer Information Technology and Services Syracuse University 315 443-3003 ________________________________ From: Fishel Erps [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 08, 2008 3:13 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: Re: [WIRELESS-LAN] Multiple VPN Connections through home router Lee, What device on the inside of your network are the inbound VPN connections terminating on? Lee H Badman wrote: Not your typical WLAN question... We use L2TP/IPSec VPN for remote access into campus for home users, travelers, vendors, etc. Other than secure remote access, we also like to tout this as a way to secure home wireless network sessions for those who don't otherwise turn on their security options. Here's the problem: we have a growing number of cases where multiple (usually 2, like spouses or roommates) users attempt to VPN through the consumer class SOHO routers (wired and/or wireless). When more than one session is attempted, either the first is the only one that works, or the first gets bumped. We have done some research on units that promise multiple session pass-through (like DLink's WGT624, for example) but are not having luck. So- wondering if others have the same problem with remote users and multiple VPN sessions through the SOHO boxes, and if you have found a model or two that are friendly to multiple sessions (without fixing IP addresses and doing port forwarding/triggering). Thanks much- Lee Lee H. Badman Wireless/Network Engineer Information Technology and Services Syracuse University 315 443-3003 ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. -- ___________________________________ ___________________________________ Fishel Erps Sr. Network Infrastructure Engineer School of Visual Arts Work LL: 212-592-2416 Work Cell: 646-201-2766 Fax: 212-592-2243 E-Mail: [EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]> ___________________________________ ___________________________________ ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. -- ___________________________________ ___________________________________ Fishel Erps Sr. Network Infrastructure Engineer School of Visual Arts Work LL: 212-592-2416 Work Cell: 646-201-2766 Fax: 212-592-2243 E-Mail: [EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]> ___________________________________ ___________________________________ ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.