VPN connectivity

Hello all,

We are running with a dsl router at our end and connecting to the VPN at clients place(UK). The problem is that we are able to connect only one clientVPN at a time, when we connect other VPNclient then the first client is getting disconnected. Pls help in this.

Thanks,
Sunny

 

At clients place we have CISCO router and we are connecting through a cisco VPN client. This is happening only to that particular location (UK), as we have some cleints connected with the same VPN client to other locations AUStralia and US they are working fine.

 

I don't think that is right.

One of the vulnerabilities with VPN is that you can very easily add a unsecured network segment into your secure network.

Imagine your network is a castle and your firewall the moat around that castle. By opening a VPN connection to a single PC, you effectively build a foot bridge over the moat to the PC user. If you then let all outside traffic normal access to the PC, there is nothing to stop outside traffic using the footbridge to enter the castle without being blocked by the moat. The way to secure this is to block all access to the remote PC except via the footbridge while it is connected to footbridge. You effectively build a small wall round the PC itself isolating it from all traffic other than footbridge traffic. If the PC user needs to go somewhere else outside the castle, they have to go into the castle via the foot bridge and then out via the normal controlled exit.

That's exactly what client VPN software does. While it is connected, it closes off all other connection to the internet and forces all traffic over the VPN.

Therefore, client VPN software by its very nature, opens one VPN connection at a time and only one.

The solution is to install a network to network VPN. The simplest solution is either to use a similar Cisco router to the one your clients are using - or if you don't want to pay the "Cisco" premium, use an alternative VPN router. The cheapest reliable router I've used for network to network VPN is a Draytek router.

However, as your clients' network security could be compromised by insecurity at your network connection, I'd recommend you invest in a hardware firewall from the likes of Watchguard, SonicWall or Cisco, and use that to manage the VPN connection and secure your internet connection.

 

I wonder if that UK client is on the same subnet as the VPN host causing an IP conflict.
I don't think it's as big of an issue with a Client based VPN connection but if it were both subnets joined by VPN it's a major issue.

 

I think that would cause a failure to connect. That is, no connection rather than one connection at a time.

However it is a good point to consider when setting up a VPN - you need unique IPs within the VPN area. So you'll get a problem if you try to connect two 192.168.1.0 subnets together via VPN.