Ah! What Graham said solved a mystery for me - I have a Customer where each VPN client has two VPN connections defined, one to each of two networks behind the same GNAT Box.
The Customer is, of course, running into licensing problems because each VPN client is taking two licenses rather than one. The problem is that on the VPN Client there is no way to specify that one VPN connection can be used for multiple networks. On the GNAT Box end this can be handled by using Address Objects. It looks like what we need is some way to specify multiple networks in the VPN Client configuration. Mike Burden Lynk Systems http://www.lynk.com (616)532-4985 [EMAIL PROTECTED] > -----Original Message----- > From: Graham Jones [mailto:[EMAIL PROTECTED]] > Sent: Saturday, September 15, 2001 8:01 AM > To: GNAT Box Users Group (E-mail) > Cc: ADG > Subject: RE: You can't take it with you... > > > --------------------- Attention ----------------------------- > A digest version of this list is now available. > Send email to [EMAIL PROTECTED], with the following message: > subscribe gb-users-digest your_email_address > Then unsubscribe from this list. > ------------------------------------------------------------- > GNAT Box User Forum http://www.gnatbox.com/cgi-bin/Ultimate.cgi > Send postings to: [EMAIL PROTECTED] > Access the list archives at: http://www.gnatbox.com/gb-users/ > ------------------------------------------------------------- > > -----Original Message----- > > From: Mike Burden [mailto:[EMAIL PROTECTED]] > > Sent: 14 September 2001 23:42 > > To: [EMAIL PROTECTED]; GNAT Box Users Group (E-mail) > > Subject: RE: You can't take it with you... > > > > > > > -----Original Message----- > > > From: Graham Jones [mailto:[EMAIL PROTECTED]] > > > Sent: Friday, September 14, 2001 9:47 AM > > > To: GNAT Box Users Group (E-mail); ADG > > > Cc: ADG > > > Subject: RE: You can't take it with you... > > > [...] > > > "5. VPN - VPN client licensing is now enforced on the > firewall. > > > Previously licensing was enforced on the workstation. > > > > > > 6. VPN - Systems that support mobile VPN clients > (GB-100, GB-1000, > > > and GB-Flash) now support one mobile VPN client > connection by > > > default. Additional concurrent connections require > > > the purchase > > > of activation codes." > > > > > > I don't understand how 5 works, but I can see that 6 will be > > > relevant for > > > users wanting more than two or more concurrent VPN > > > connections - and that > > > each GB-1000 of a HA pair will require an activation code. > > > Is this what > > > Mike Burden meant? > > > > > > That's exactly right. If you have an HA pair and need 10 concurrent > > VPN users, then you actually have to purchase two 10 user > VPN licenses, > > one for each GB-1000. > > > > Mike Burden > > Lynk Systems > > http://www.lynk.com > > (616)532-4985 > > [EMAIL PROTECTED] > > It's even more restrictive. For our customer with version > 3.1.3 the GB-1000 > is configured with 4 VPN authorisation profiles all relating > to the same VPN > client. Each profile allows a connection to a separate > internal network at > the customer. The VPN client has 4 connections, one relating > to each of the > four networks at our customer. > > If we have just one VPN authorisation profile on the GB-1000 > it is possible > to connect to each of these networks - but not simultaneously > - and changing > from one to another means waiting for the secure connection > to renegotiate. > But with four profiles and v3.1.3 it was possible to have > four simultaneous > connections, one to each network. > > Now we have upgraded this customer to v3.2.1 it is clear that > only one VPN > authorisation profile can be active at a time; an attempt to > access a second > network fails. This despite the fact that the same VPN > client is being used > to attempt the connection to the second network. > > I cannot see that this is a reasonable restriction - because > the VPN client > is the same for each connection. It therefore appears that > the licence is > for the number of conncurrent VPN connections, not the number > of concurrent > VPN clients. > > Regards, > � > -- Graham Jones > Linnet Solutions Ltd. > [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > 01953 717605 or > 077 74 894200 > � > > ---------------------------------------------- > To Unsubscribe: send mail to [EMAIL PROTECTED] > with "unsubscribe gb-users your_email_address > in the body of the message >
