Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

PIX 506E and VPN client connections - Multiple connections

I have a PIX 506E (6.2) w/3DES license and VPN client software 3.6.3. I am only using group username and password to authenticate. The first user connection works great. Whenever the second user connects, the first is terminated and the second works great. The product lit states I should be able to have 25 simultaneous connections either site-to-site or client.

Any help will greatly be appreciated, Kyle

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: PIX 506E and VPN client connections - Multiple connections

Are these two users at the same site, behind a device that is doing PAT? If so, then this device is causing the problem, not the PIX. The device is unable to properly translate IPsec packets. Unfortunately there's nothing you can do about it on the PIX, although the next release of software (6.3, available around March timeframe) will have support for NAT-T (which the client currently supports). Once both ends support NAT-T, they'll be able to tell there's a PAT device in between them and they'll automatically encapsulate everything in UDP packets, which your PAT device will be able to translate properly.

2 REPLIES
Cisco Employee

Re: PIX 506E and VPN client connections - Multiple connections

Are these two users at the same site, behind a device that is doing PAT? If so, then this device is causing the problem, not the PIX. The device is unable to properly translate IPsec packets. Unfortunately there's nothing you can do about it on the PIX, although the next release of software (6.3, available around March timeframe) will have support for NAT-T (which the client currently supports). Once both ends support NAT-T, they'll be able to tell there's a PAT device in between them and they'll automatically encapsulate everything in UDP packets, which your PAT device will be able to translate properly.

New Member

Re: PIX 506E and VPN client connections - Multiple connections

Thank you and yes they are behind the same router doing PAT. I will run the test from two different cities to verify.

Again, thanks, KRH

84
Views
5
Helpful
2
Replies