> -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Graham Jones > Sent: 15 September 2001 13:01 > To: GNAT Box Users Group (E-mail) > Cc: ADG > Subject: RE: You can't take it with you...
[snip] > It's even more restrictive. For our customer with version 3.1.3 > the GB-1000 is configured with 4 VPN authorisation profiles all > relating to the same VPN client. Each profile allows a > connection to a separate internal network at the customer. The > VPN client has 4 connections, one relating to each of the four > networks at our customer. > > If we have just one VPN authorisation profile on the GB-1000 it > is possible to connect to each of these networks - but not > simultaneously - and changing from one to another means waiting > for the secure connection to renegotiate. But with four > profiles and v3.1.3 it was possible to have four simultaneous > connections, one to each network. > > Now we have upgraded this customer to v3.2.1 it is clear that > only one VPN authorisation profile can be active at a time; > an attempt to access a second network fails. This despite > the fact that the same VPN client is being used to attempt the > connection to the second network. > > I cannot see that this is a reasonable restriction - because the > VPN client is the same for each connection. It therefore > appears that the licence is for the number of concurrent VPN > connections, not the number of concurrent VPN clients. In reply to my specific comments above about connection to several distinct networks behind a firewall, further testing has revealed that by configuring the VPN profiles on the GB-1000 and the VPN client to use the same identity for the connections to the different networks it is possible to access the four networks simultaneously. The configuration for v3.1.3 was configured like this; when we upgraded to v3.2.1 we saw warnings that the VPN profiles had the same identity and therefore modified the identities to be all different. I imagine under v3.1.3 that if the identities had been all different we would have seen the same limitation. I think we can live with the warnings about profiles with the same identity. Graham
