DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
Multiple ipsec vpn connections behind a single public IP
01 Apr 2015 14:58 #83056
by fchef
Multiple ipsec vpn connections behind a single public IP was created by fchef
Hello dear friends,
I am using the Vigor 2925 with great results in my company. I have set up about 14 IPsec VPN remote dial-in users and 4 IPsec LAN-to-LAN VPNs, and each of them connects just perfectly. I have also made the setup carefully so that each user and each LAN-to-LAN has its own IPsec PSK password, so in case someone loses his laptop I can simply delete the appropriate dial-in VPN profile without affecting others.
The remote dial-in users use the software "thegreenbow vpn client" and the LAN-to-LAN users have Draytek and Zyxel routers on their site.
For the dial-in VPN users I have set up the VPN client "thegreenbow" to use different IP addresses (for example one has 192.168.55.100, the other 192.168.56.100 and so on).
Recently I found out that when two IPsec dial-in users were using the same public IP address (they were both in the same hotel or in the same building sharing wifi) only one of them could connect. Actually both were connected, but after exactly 11 minutes one of them would get disconnected.
I thought it might be a coincidence, but I reproduced the problem myself from home wifi using the laptops. Only one IPsec VPN could go on. The second IPsec VPN will go down after 11 minutes.
In the other company where I work, we have a Checkpoint router, and a branch office of 12 PCs-Laptops connects to us all simultaneously using Checkpoint VPN client software. So clearly there must be a way to accomplish this with Draytek.
Do you have any thoughts - ideas please?
Thanks in advance
03 Apr 2015 17:38 #83067
by fchef
Replied by fchef on topic Re: Multiple ipsec vpn connections behind a single public IP
OK, I think I have found out what is causing the disconnect problem and will share it here.
Multiple IPsec VPN connections behind a single public IP get disconnected only when aggressive mode is enabled in TheGreenbow VPN client. Of course you need aggressive mode (it will not connect otherwise) when you have set up the dynamic IP dial-in user to connect with his email as peer ID in order to enable a personalized IPsec VPN passkey in the Vigor remote dial-in user profile.
In case the dial-in user has a static IP you don't need aggressive mode (as you don't set a peer ID) and you can have a personalized VPN passkey.
Just a reminder also that the disconnect with aggressive mode will occur only when more than one dial-in IPsec VPN user is connected with the same public IP.