I was wondering if it is possible to establish multiple simultaneous Cisco VPN Client connections behind a Cisco PIX 501 Firewall that is configured to use PAT. I haven't figured out how to do this for one of our clients, if it is possible.
When one PC starts a Cisco VPN Client connection, another one can't. If that PC disconnects, it can reconnect right away again. If that PC disconnects, a different PC has to wait about 15 minutes before it can establish a Cisco VPN Client connection.
Before the PIX 501, they were using a Linksys Firewall and they could use multiple simultaneous Cisco VPN Client connections behind it.
The error I see in the log on the PIX when a second connection is attempted is a portmap translation error with UDP port 500. I have even tried using IPsec over TCP for the transport on port 10000 for the second connection and it doesn't work (I don't see any error in the log on the PIX for the IPsec over TCP). Either transport works fine for the Cisco VPN Client connection if it is the first connection.
I read an article that stated this can only be accomplished if the Cisco PIX 501 is using NAT instead of PAT. But that means my client would need multiple public IP addresses, right?