How many concurrent client VPN connections from 1 public ip?

hmc25000
Getting noticed

How many concurrent client VPN connections from 1 public ip?

How many concurrent client VPN connections does the MX allow from 1 public ip address? We seem to run into issues when we have multiple VPN clients connect from a single location.  We use the native Windows VPN adapter with split tunneling to connect. 

6 Replies 6
Brash
Kind of a big deal
Kind of a big deal

Meraki Client VPN utilizes L2TP which only supports 1 connection initiated from a given public IP address.
If you require multiple VPN connections from the same public IP address, you'll need to use a different type of VPN (SSL, IKEv2 etc.) such as Anyconnect

Godcry123
Conversationalist

Experiencing same issue for one of our clients.

Wouldn't NAT-T resolve this issue?

Brash
Kind of a big deal
Kind of a big deal

I don't nearly know the L2TP+IPSEC stack well enough to answer this but (assuming it's accurate), this is a very good write up why this issue occurs:

 

https://forum.mikrotik.com/viewtopic.php?t=132823

Godcry123
Conversationalist

As you mentioned previously, SSL certificate for authentication works.

I had to deploy AnyConnect and automate user credentials via PowerShell to call the AnyConnect CLI.

Management hasn't approved the paid version of AnyConnect as of yet.

Thanks for your assistance!

alemabrahao
Kind of a big deal
Kind of a big deal

What is the MX model?
 
VPN users count as active connected users, so it has to be based on the maximum number of clients supported by each model.
 
For example, if the MX supports 50 clients, if you have 30 clients connected locally plus 5 connected via VPN Client, this means that you have 35 clients connected simultaneously, that is, theoretically you will still be able to connect another 15 VPN clients without problems.
 
I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
hmc25000
Getting noticed

We have MX64 and MX250. Some of us have been able to do more testing and It looks now that 2 users can connect from a single public ip address

 

More users can connect but not from the same public ip address.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels