PIX 7 - Multiple remote VPN sessions from same public IP

Answered Question
Jan 31st, 2007

Hi,

Here is my problem:

Employee A and employee B make VPN connections to the same PIX with their Cisco VPN clients. Both employees are behind the same NAT device, hence have the same public IP address.

As soon as the second employee initiates the VPN connection, the first employee is disconnected.

I have a similar situation with a PIX version 6.x, and this does not occur. Both employees can connect at the same time, with the same credentials.

Here's the remote access VPN configuration that I use:

group-policy gpolicy attributes

dhcp-network-scope 10.X.X.X

vpn-simultaneous-logins 5

vpn-tunnel-protocol IPSec

ipsec-udp enable

split-tunnel-policy tunnelspecified

split-tunnel-network-list value splitTunnelAcl

user-authentication enable

client-firewall none

username remoteuser password remotepass

username remoteuser attributes

vpn-group-policy labtronix

vpn-simultaneous-logins 2

vpn-tunnel-protocol IPSec

group-lock value vpngroup

tunnel-group vpngroup type ipsec-ra

tunnel-group vpngroup general-attributes

address-pool ip_pool

default-group-policy gpolicy

Any and all input is appreciated.

Thanks.

I have this problem too.
0 votes
Correct Answer by acomiskey about 9 years 8 months ago

Most likely nat-t problem

add "isakmp nat-traversal" to pix

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
acomiskey Wed, 01/31/2007 - 13:23

Most likely nat-t problem

add "isakmp nat-traversal" to pix

Actions

This Discussion