cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
273
Views
0
Helpful
3
Replies

Problem with Multiple NAT Clients Connecting - 3060

1mjones
Level 1
Level 1

Configuration: Clients using personal routers (Netgear, Linksys, etc.) doing 1 to many NAT connecting to a 3060 will drop the first VPN client connection when 2nd VPN client connection is initiated. 3060 Concentrator is running 3.5.2A and is NOT configured for:

Configuration | Policy Management | Traffic Management | NAT | Enable

or:

Configuration | System | Tunneling Protocols | IPSec over TCP

Question: Would enabling either of these help, If so which is better? If not, what might help?

Concern: What impact would it have on existing users?

Thanks! ---Mike

3 Replies 3

awaheed
Cisco Employee
Cisco Employee

Hi,

Some of the older versions of these PAT devices had that problem, I think starting from v1.40 and higher on linksys the issue went away, also try disabling the IPSec passthrough feature on it and see if that works. This issue usually occurs on the way these PAT devices are doing PAT implementation and rather then giving out different port mappings to each request they give out the same for each IKE packet going through.

Hope this helps,

Regards,

Aamir

Aamir, are you reffering to IPSec passthrough on the Clients? If so, we have already tried disabling that and with just about every personal router out there (Netgear, Linksys, Netopia, etc).

You definitely should use either the nat transparency or ipsec over udp option on the concentrator to get multiple clients to work behind a nat device. Make sure the option is selected on the client as well.

As to which one is better,

nat tranparency needs only the tcp port you enable.

Ipsec over udp requires udp 500 and the other udp you enable.

There is also a new udp nat transparency option on version 3.6 that does everything on udp 4500

Existing uses should wok as per normal.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: