I am trying to set up a VPN 3030 that will be accessed by remote devices (routers) that receive their public IP address via DHCP. The Cisco document "ID 46002" was followed when setting this up. This document may be found at.
The VPN 3030 is running the IOS version 4.1.7.G.
The initial setup with one remote device with a Security Association (SA) to the VPN 3030 (base group) using pre-shared keys was successful. The pre-shared keys were then replaced with digital certificates, which was also successful.
The issue came when trying to connect a second remote device to the VPN 3030 (base group). When the second device connected and established its SA, the VPN 3030 issued a disconnect packet to the first device (or established SA).
When looking at the VPN 3030 logs with all IKE and IPSEC debugging enabled, it showed the VPN 3030 processes to create and send the disconnect message to the remote device.
To try and get around this problem, I then created on the VPN 3030 separate groups (group1 & group2) for each remote device and set up a filter tying each remote device and its digital certificate to a particular group (i.e. remote device 1 will only connect to the VPN 3030 group1 and remote device 2 will only connect to the VPN 3030 group2). Unfortunately the same problem still occurred (established SA disconnected when second SA is established) although the remote devices were connecting to different groups configured in the VPN 3030.
Thinking there may be a problem using digital certificates, I then configured the second group to use pre-shared keys, but again the same problem still persisted.
I could not find any reference to any limitation on the number of remote devices that receive their IP addresses via DHCP that can connect to the VPN 3030; I just hope that it is more than one.
If anyone has any ideas or knowledge of this I would greatly appreciate their input.