
Remote Access VPN Client through NAT

ciberstlcsc
Level 1

I currently have a PIX506e configured to provide remote VPN access to Cisco VPN Clients. A single client is able to connect successfully and have the intended network access. However, as soon as I connect an additional client to the firewall from the same location (both addresses are NATed as the same address), both tunnels will stop working or one will not be able to connect.

Is the problem I'm experiencing because both of the clients have the same public address after NAT, or is it something else? Is there a way to work around this?

Accepted Solutions

shijogeorge
Level 1

Hi,

Many to one NAT won't work if you are using ESP.

The solution for this is to enable NAT-T on PIX as well as the VPN client.

On PIX:

The following command enables NAT-T (For codes later than 6.3)

isakmp nat-traversal

On VPN Client:

On Transport Tab, check the 'Enable Transport Tunneling' Tab & select 'IPSec over UDP (NAT/PAT)'

HTH

Regards,

Shijo George.
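
Why the fix above works, as an added example that is not part of the original post and is not Cisco code: a simplified Python model of a many-to-one NAT device, where raw ESP (IP protocol 50) has no port to key a translation on, while NAT-T wraps ESP in UDP 4500 so each client gets its own translated port. The addresses, the port pool and the "last binding wins" behaviour are constructed assumptions; real NAT devices differ in how they handle ESP.

```python
from itertools import count

ESP, UDP = 50, 17      # IP protocol numbers
NAT_T_PORT = 4500      # UDP port used by NAT-T (RFC 3947/3948)

class Pat:
    """Toy PAT device: many inside hosts share one public address."""
    def __init__(self):
        self.ports = count(20000)  # constructed pool of public source ports
        self.udp = {}              # public port -> (inside host, inside port)
        self.esp = {}              # remote peer -> inside host

    def outbound(self, inside, peer, proto, sport=None):
        if proto == UDP:
            public_port = next(self.ports)
            self.udp[public_port] = (inside, sport)
            return public_port
        # ESP has no port field, so the only usable key is the remote peer.
        # A second client talking to the same peer replaces the first binding
        # (assumed behaviour; some devices drop the second flow instead).
        self.esp[peer] = inside
        return None

    def inbound(self, peer, proto, dport=None):
        if proto == UDP:
            return self.udp.get(dport, (None, None))[0]
        return self.esp.get(peer)

def simulate(nat_t):
    """Map each client to the inside host that receives its return traffic."""
    pat, pix = Pat(), "203.0.113.1"              # constructed PIX outside address
    clients = ["192.168.1.10", "192.168.1.11"]   # constructed inside clients
    proto = UDP if nat_t else ESP
    sent = {c: pat.outbound(c, pix, proto, NAT_T_PORT if nat_t else None)
            for c in clients}
    # The PIX answers each tunnel; with NAT-T it replies to the translated port.
    return {c: pat.inbound(pix, proto, sent[c]) for c in clients}

if __name__ == "__main__":
    print("raw ESP:", simulate(nat_t=False))  # both replies reach one client
    print("NAT-T  :", simulate(nat_t=True))   # each reply reaches its own client
```
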

Thanks for your help. I didn't realize there was a separate nat-traversal command for isakmp. My problem is resolved.
