Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
555
Views
0
Helpful
3
Replies

Multiple Cisco VPN Clients behind Watchguard Firebox 1000

mayhem2022
Level 1
Level 1

‎04-08-2004 11:39 AM - edited ‎02-21-2020 01:06 PM

I have two Cisco VPN software clients vers 3.5.1 that sit behind Watchguard Firebox 1000 on a remote network. These clients connect to a VPN 3000 concentrator on connected to my network. I have IPSec over UDP enabled on the client and on the concentrator.

The first client connects without issue. When the second client attempts a simultaneous connection, the first client is disconnected and the second connection is established. Below is the client log from the computer that gets disconnected. When the first client attempts to reconnect the second client gets disconnected.

I have verified all my settings to ensure no ports are being blocked and that I have enough connections availabe on the concentrator.

The log is attached because I exceeded the message size..thanks

Labels:
Preview file
24 KB
Preview file
24 KB
Preview file
24 KB
0 Helpful
3 Replies 3

jsivulka
Level 5
Level 5

‎04-15-2004 06:21 AM

It is in all likelyhood a PAT issue. You could check to see if the device in front of the client, the 'Watchguard Firebox' is configured for PAT. Cisco devices can be configured to solve this problem as shown in the document at http://www.cisco.com/en/US/partner/products/sw/iosswrel/ps1839/products_feature_guide09186a0080110bca.html.

0 Helpful

mayhem2022
Level 1
Level 1
In response to jsivulka

‎04-19-2004 06:52 AM

Watchguard Firebox is configured for dynamic nat or PAT. Could not view this document. Prompted for sign-on using CCO account but unable to display the document. Any suggestions on how I can get access to this document? Thanks

0 Helpful

mostiguy
Level 6
Level 6
In response to mayhem2022

‎04-19-2004 09:44 AM

basically, you have a watchguard problem, not a cisco problem. you need to determine if they have a solution that allows you to do this. if it has any isakmp/IKE/IPSec proxy thing disable it (linksys home routers are notorious for it)

http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080110bca.html

here is the other link from a non partner account. try that, but you need to tackle this from a watchguard perspective IMHO

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents