11-06-2007 07:55 AM - edited 02-21-2020 03:21 PM
I have a network behind a 515E PIX, and I need to get multiple users to connect out to a remote IPsec VPN, but I am having trouble doing it. I think that I have done everything correctly, including the configuration of NAT-T, but the client software (IBM global client) always fails on key negotiation. According to the VPN provider, the error that comes up refers to a firewall error. This PIX is also a VPN endpoint for multiple site-to-site VPNs. Is that causing a problem? Also, do I need multiple IP addresses to do this, or am I fine using PAT?
Thanks
Eric Eades
11-13-2007 11:11 AM
You can resolve this issue by port address translation. The only workaround to support multiple concurrent users is to have them assigned to different groups using different UDP ports.
VPN Client GUI Error Lookup Tool:
http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_tech_note09186a00801f253d.shtml
11-13-2007 11:36 AM
If your PIX is running 7.x or newer, you can enable IPsec inspection.
http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/i2_72.html#wp1668213