IT Employment

Make sure that your IP address pool is set up correctly. Is your router assigning IP addresses to internal hosts with DHCP? Is your VPN Concentrator also assigning internal network addresses with DHCP? If so, there could be an address conflict which could cause hosts to get booted out.
What you might do is set up a reservation scope on the router, and use that range on your concentrator.

IF the users behind the router are being NAT'ed to the same IP address then only 1 user will be able to connect to the VPN headend device. The way around it is to have each user connect to the VPN device on a different port the Cisco client supports using different ports for connectivity to a headend device.

We had a similar issue of some contractors working from a home office and both could NOT connect to our VPN at this govt office at the same time.

We found that you either needed to enable NAT-Traversal on the PIX side OR the home users needed to use a broadband device that supports multiple PPTP connections.

The problem, at least what we found, was that the connections need a way to be differentiated and that is where PAT comes in. Each connection comes from the same address but has a different socket (port) and as long as your PIX "see" these different connections the VPN works fine.

As for staff getting booted off, have you tried updating the PIX to make sure you aren't running into some known issue? Just a thought.

Hope this info helps..good luck

Best solution is to create a VPN tunnel for users at the remote office and use a Cisco 3000 concentrate in the main office for the vpn tunnel to connect. Then the users can connect normally without each using VPN.