RV082 - multiple cisco vpn clients connecting to same vpn gateway

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by msabri, Sep 5, 2006.

  1. msabri

    msabri LI Guru Member

    Hello All,

    Just wanted to confirm if the Linksys RV082 allows multiple Cisco VPN clients to a gateway (VPN pass-through).

    Basically I am having a problem: if one user is connected to a remote VPN gateway from inside our network, that works fine, but as soon as another LAN user connects to the same VPN gateway, the Cisco client that connected first gets disconnected.

    Is this a shortcoming of the RV082 over NAT? Has anyone tried this? I am using the latest beta firmware.

    Can anyone help? Any input would be great.

  2. TazUk

    TazUk Network Guru Member

    It's more a limitation of NAT than the RV082 specifically. Would a site-to-site VPN tunnel not be a better option?
  3. msabri

    msabri LI Guru Member

    Anyone with a real answer? What are people doing, or what router do they use, if they have to create multiple VPNs using the Cisco client to a single gateway?

    Site-to-site VPN is not an option for us; we have to use the Cisco client.

    Any help would be appreciated.

  4. TazUk

    TazUk Network Guru Member

    Thanks :rolleyes:
  5. eric_stewart

    eric_stewart Super Moderator Staff Member Member

    1st rule of netiquette: Forum Newbies don't dis the mod. :-O

    About your question. My understanding from reading between the lines in the user guide is that it will support multiple IPSec pass-thrus. My late, unlamented WRV54G did this and as the boxes use a similar code / hardware base I wouldn't be surprised if the RV082 did this too. This is very sophisticated functionality as you probably know since the router needs to keep track of an SPI/address mapping table for the IPSec Phase II traffic. This allows the gateway to send the traffic to a specific mapped inside host for return flows.

    A very common practice to punch multiple ESP traffic (stateless, no TCP or UDP port numbers) through a PAT'ng firewall is to enable NAT-T (NAT Traversal). Guaranteed that your Cisco VPN server (IOS router, firewall or concentrator) supports this feature. So does the client. You need to set up a policy on the server (it's on by default on the client) to negotiate NAT-T when the VPN establishes. This occurs during IKE Phase I. Nothing Cisco-proprietary about NAT Traversal per se, but configuring it makes VPN pass-thru moot unless the firewall is configured to block the specific UDP port (4500) that RFC-compliant NAT-T uses. Cisco also can be configured for their own proprietary Transparent Tunneling over UDP port 10000. Same basic idea, it dresses up that pesky ESP traffic in suitable attire to get through your PAT'ng device.
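
Added example, not part of the thread: a toy PAT model showing why two LAN clients sending plain ESP to the same gateway collide, and why wrapping ESP in UDP 4500 (NAT-T) keeps their return paths apart. It assumes a pass-through that does not track SPIs; it is not RV082 firmware, and the class, function names, addresses and ports are constructed for illustration.

```python
# Toy PAT device (hypothetical model). All addresses and ports below are
# constructed sample values.
GATEWAY = "203.0.113.10"                     # remote VPN gateway
CLIENTS = ["192.168.1.10", "192.168.1.11"]   # two LAN hosts running the VPN client
NATT_PORT = 4500                             # UDP port used by RFC-compliant NAT-T


class ToyPat:
    def __init__(self):
        self.esp_by_peer = {}    # remote address -> inside host
        self.udp_by_port = {}    # (outside port, remote, remote port) -> inside host
        self.next_port = 40000

    def esp_out(self, inside, remote):
        # ESP has no port numbers, so a pass-through that does not track SPIs
        # can only key on the remote address: the newest client wins.
        self.esp_by_peer[remote] = inside

    def esp_in(self, remote):
        return self.esp_by_peer.get(remote)

    def udp_out(self, inside, remote, remote_port):
        # Ordinary PAT: each inside flow gets its own outside source port.
        outside_port = self.next_port
        self.next_port += 1
        self.udp_by_port[(outside_port, remote, remote_port)] = inside
        return outside_port

    def udp_in(self, outside_port, remote, remote_port):
        return self.udp_by_port.get((outside_port, remote, remote_port))


def return_path_plain_esp(clients):
    """Which inside host receives the gateway's ESP replies meant for each client?"""
    pat = ToyPat()
    for c in clients:
        pat.esp_out(c, GATEWAY)
    return {c: pat.esp_in(GATEWAY) for c in clients}


def return_path_nat_t(clients):
    """Same question when ESP is wrapped in UDP 4500 (NAT-T)."""
    pat = ToyPat()
    ports = {c: pat.udp_out(c, GATEWAY, NATT_PORT) for c in clients}
    return {c: pat.udp_in(ports[c], GATEWAY, NATT_PORT) for c in clients}


if __name__ == "__main__":
    print("plain ESP:", return_path_plain_esp(CLIENTS))
    print("NAT-T    :", return_path_nat_t(CLIENTS))
```

In the plain ESP case both return paths point at the client that connected last, which matches the symptom in the first post; with NAT-T each client keeps its own mapping.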
  6. TazUk

    TazUk Network Guru Member

    I'm not a mod :wink: although I did go and see The Who recently :biggrin:
  7. eric_stewart

    eric_stewart Super Moderator Staff Member Member

    I'm not a mod, but I did stay at Holiday Inn Express :wink:

    [Disclaimer: If this doesn't make sense it means you haven't been inundated with the same inane TV commercials we get in N. America]
  8. pablito

    pablito Network Guru Member

    I'm not a mod, but I play one on t.v. :)

    (This one shows how old I am. But at least I am no longer corrupted by tv. Had my fill long ago)
  9. ifican

    ifican Network Guru Member

    Not to take anything away from anyone, but I think that msabri meant no disrespect; I think you have to chalk this one up to cultural differences and the language barrier. But I do have to say it was kinda funny. Now to the other point I was going to make. Mr Stewart, I sometimes think I am fairly well versed in Cisco, however once again I am reminded that I am only a master in my own mind. ;-)
  10. pablito

    pablito Network Guru Member

    ^^It does get funny sometimes.

    I can't say for sure but I don't see a reason why this wouldn't work if configured right. I've done it many times but so far not with an RVx. Perhaps test with a simple router to verify it is the RV giving grief. If so then have a look at the latest beta firmware.
