Cisco Support Community

New Member

Multiple Cisco VPN Clients behind Watchguard Firebox 1000

I have two Cisco VPN software clients vers 3.5.1 that sit behind Watchguard Firebox 1000 on a remote network. These clients connect to a VPN 3000 concentrator connected to my network. I have IPSec over UDP enabled on the client and on the concentrator.

The first client connects without issue. When the second client attempts a simultaneous connection, the first client is disconnected and the second connection is established. Below is the client log from the computer that gets disconnected. When the first client attempts to reconnect the second client gets disconnected.

I have verified all my settings to ensure no ports are being blocked and that I have enough connections available on the concentrator.

The log is attached because I exceeded the message size. Thanks


Re: Multiple Cisco VPN Clients behind Watchguard Firebox 1000

It is in all likelihood a PAT issue. You could check to see if the device in front of the client, the 'Watchguard Firebox' is configured for PAT. Cisco devices can be configured to solve this problem as shown in the document at

New Member

Re: Multiple Cisco VPN Clients behind Watchguard Firebox 1000

Watchguard Firebox is configured for dynamic NAT or PAT. Could not view this document. Prompted for sign-on using CCO account but unable to display the document. Any suggestions on how I can get access to this document? Thanks


Re: Multiple Cisco VPN Clients behind Watchguard Firebox 1000

basically, you have a watchguard problem, not a cisco problem. you need to determine if they have a solution that allows you to do this. if it has any isakmp/IKE/IPSec proxy thing disable it (linksys home routers are notorious for it)

here is the other link from a non partner account. try that, but you need to tackle this from a watchguard perspective IMHO
