Strange VPN issue - concurrent logins

I use a VPN for work-related stuff. I recently tried to get my second computer on the VPN, and it worked, but it immediately disconnected Computer #1’s VPN connection. I’m trying to figure out why I can’t log on concurrently with two machines to this VPN.

Relevant details:

  • I’m using the same username for both logins. Password is provided by one of those little SecurID thingies.

  • I’m using the Cisco VPN Client software to log on. Now that I check it, one is version 4.8.00.0440, the other is version 4.0

  • Logging on twice with the same login works fine when you’re not at my house. For example, my coworkers and I all work remotely. If one of us doesn’t have our SecurID handy, we’ll IM another and get a login/password and it works just fine with both of us using the same login/password to access the VPN. In other words, it works fine, just not from my house.

  • I got a coworkers username/password, and tried logging on with that on the second computer. Same result - first computer’s VPN connection died immediately.

  • My router definitely handles more than one VPN connection. Mr. Athena and I both connect to different VPNs to work on a daily basis. In fact, there’s times where we’ve worked on joint projects, and both logged on to the same VPN with no problem. Just not this particular VPN.

I’m a software person, not a hardware person. Where do I even start on this one? I really need to get both computers logged on. Help!

Wow, one more weird thing - I just tried it again, then decided to check something so stopped before typing in the username/password. It kills my original connection even before asking for username/password. In other words, you bring up the VPN client, hit connect, and BANG! there goes my first VPN.

Maybe your company’s VPN just doesn’t allow two connections from the same IP address (the one you get allocated at home by your ISP)? Unless you have an unusual setup, all computers at your home will appear to be coming from the same IP address, as far as your company’s VPN gateway and everything else on the internet is concerned.

I don’t think that’s it; the home office of the company I work for is small, they just have one router and a few people. They all log in concurrently with no issues.

But thanks! Keep 'em coming!

>If one of us doesn’t have our SecurID handy, we’ll IM another and get a login/password and it works just fine with both of us using the same login/password to access the VPN.

It probably cant handle concurrent sessions with the same destination IP. In the scenario you describe you guys are connecting from different IPs. Your router is doing NAT and could be getting confused. Or the specific VPN device at work doesnt like what you are doing.

>I’m using the same username for both logins.

Your VPN at work may have 5 licenses and youre the 6th person trying to get in. Without knowing what the VPN server/router/concentrator is at work and its settings this is difficult to answer.

>Just not this particular VPN.

Im guessing this is the issue. Your work VPN is configured in a way or has a limitation that doesnt allow concurrent sessions from the same IP. Can someone at work check the logs in the device? It might give us some clues. Perhaps its set to detect spoofing or whatever.

>one is version 4.8.00.0440, the other is version 4.0

Are you allowed to update the 4.0 to 4.8? Perhaps its just confusing the VPN device that two different versions are coming from the same IP.

I don’t think that’s the issue - my home office has the same setup as I have (multiple computer, one router) and they are not having any issues with concurrent logins. I just double checked, they don’t have any special setup in regards to IPs, just the standard stuff the router does (ie, assign local IPs, but one IP going out)

That doesn’t explain the scenario where someone outside my local office can ask me for a login/password and they get in just fine.

Once again, the home office has the same setup I have here, and they don’t have issues.

Unfortunately, the owner of the VPN is a huge company. Getting logs is not going to happen anytime soon, I’m just not that high on the priority list.

I just tried two different 4.0 clients, same issue.

Thanks for the suggestions!

If there are any “NAT traversal” options in the VPN client software (“NAT-T”, “encapsulate in TCP”, “encapsulate in UDP”, things like that), it might be worth experimenting with those. Make a note of the original configuration so that you can go back to it.

>Once again, the home office has the same setup I have here, and they don’t have issues.

Perhaps I am not following. Does your home (or wherever here is) and home office have the exact same router? If so, is it the same firmware reivision? This is starting to look like a local router issue.

Just because it works for some other connection doesnt mean it will work for yours. VPN isnt a technology in itself. Its a class of technologies. There are so many different permutations of a VPN connection, it could be that the work one is different from the rest and your router is having some issues. Might want to look into a firmware update too.

I mean the “same setup” in that they have several machines using the same wireless router, and have not done anything special as far as IPs, therefore I don’t think the issue is that the VPN won’t allow multiple logins from the same IP.

All other router issues are fair game, obviously!

I have read that some routers have issues with more than one VPN. I don’t think that’s my issue as I’ve successfully logged on to multiple VPNs many, many times in the past. Just not this particular one, concurrently.

I wouldn’t be at all surprised to hear that your husband’s VPN, being a completely different type of VPN from yours, would coexist with yours but another Cisco VPN would trash you, when on the same router.

Would it be possible to swap routers to test? Preferably borrow the one from the other location, or buy the same model, or swap yours into there and see if you can introduce your problem to them :smiley:

Hmm.

For the heck of it, I hooked up a new router - something I’ve been meaning to do for, oh, 2 years now. Same brand, Linksys, just a newer router that I’ve had sitting around forever.

I had high hopes it would fix everything, but no. Same issue.

Darn!

I have had more than one computer on the same VPN, but not a Cisco one. Just used the standard windows VPN hookup.

Can’t swap routers, unfortunately - home office is hundreds of miles away. But I’ll check and see what their model is.

>Just used the standard windows VPN hookup.

That’s PPTP. The Cisco is most likely IPSEC. Maybe these devices cant do 2 IPSEC tunnels from the same IP. Is “NAT Traversal” or “VPN passthrough” enabled on the router and the software? I remember Linksys not enabling that by default.

A little googling produces this:

yeah, my previous employer had a Cisco firewall.
There were two of us at the same hotel, we tried to login and poof; second one disconnects first one.
The Tech guys did some magic to the cisco firewall VPN configs, and it would accept two VPN’s from same outside IP address after that.

VPN Passthrough is enabled on my router for IPSec, PPTP, and L2TP.

The only thing I see about NAT is something under “Advanced Routing”, it just says “NAT”, and it’s enabled.

In the client, the only thing I see about NAT is on the “Transport” tab, it says “Enable Transparent tunneling” and it’s set to IPSec over UDP (NAT/PAT).

Sounds like IPSEC over UDP isnt enabled in the Cisco VPN device.

That would make you wonder how it works for the people in the “home office”, though.

The home office probably has a site-to-site VPN. So they are only using one tunnel.