Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Problem with Multiple NAT Clients Connecting - 3060

Configuration: Clients using personal routers (Netgear, Linksys, etc.) doing 1 to many NAT connecting to a 3060 will drop the first VPN client connection when 2nd VPN client connection is initiated. 3060 Concentrator is running 3.5.2A and is NOT configured for:

Configuration | Policy Management | Traffic Management | NAT | Enable


Configuration | System | Tunneling Protocols | IPSec over TCP

Question: Would enabling either of these help, If so which is better? If not, what might help?

Concern: What impact would it have on existing users?

Thanks! ---Mike

Cisco Employee

Re: Problem with Multiple NAT Clients Connecting - 3060


Some of the older versions of these PAT devices had that problem, I think starting from v1.40 and higher on linksys the issue went away, also try disabling the IPSec passthrough feature on it and see if that works. This issue usually occurs on the way these PAT devices are doing PAT implementation and rather then giving out different port mappings to each request they give out the same for each IKE packet going through.

Hope this helps,



New Member

Re: Problem with Multiple NAT Clients Connecting - 3060

Aamir, are you reffering to IPSec passthrough on the Clients? If so, we have already tried disabling that and with just about every personal router out there (Netgear, Linksys, Netopia, etc).

Cisco Employee

Re: Problem with Multiple NAT Clients Connecting - 3060

You definitely should use either the nat transparency or ipsec over udp option on the concentrator to get multiple clients to work behind a nat device. Make sure the option is selected on the client as well.

As to which one is better,

nat tranparency needs only the tcp port you enable.

Ipsec over udp requires udp 500 and the other udp you enable.

There is also a new udp nat transparency option on version 3.6 that does everything on udp 4500

Existing uses should wok as per normal.

CreatePlease login to create content