10-04-2005 08:09 AM - edited 02-21-2020 02:01 PM
I currently have a PIX506e configured to provide remote VPN access to Cisco VPN Clients. A single client is able to connect successfully and have the intended network access. However, as soon as I connect an additional client to the firewall from the same location (both addresses are NATed as the same address), both tunnels will stop working or one will not be able to connect.
Is the problem I'm experiencing because both of the clients have the same public address after NAT, or is it something else? Is there a way to work around this?
10-05-2005 02:16 AM
Hi,
Many to one NAT won't work if you are using ESP.
The solution for this is to enable NAT-T on PIX as well as the VPN client.
On PIX:
The following command enables NAT-T (For codes later than 6.3)
isakmp nat-traversal
On VPN Client:
On Transport Tab, check the 'Enable Transport Tunneling' Tab & select 'IPSec over UDP (NAT/PAT)'
HTH
Regards,
Shijo George.
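Added example (not part of the original thread and not Cisco code): with standard NAT-T, IKE and ESP are carried inside UDP port 4500 (RFC 3948), so the PAT device can give each client behind the shared address its own translated source port. The Python below classifies port-4500 datagrams from a capture to confirm that each client is sending UDP-encapsulated ESP; the sample datagrams, source ports and SPI values are constructed for illustration.

```python
import struct
from collections import defaultdict

NAT_T_PORT = 4500  # UDP port carrying IKE and ESP under NAT-T (RFC 3948)

def classify_payload(payload: bytes) -> str:
    """Classify the UDP payload of a port-4500 datagram per RFC 3948."""
    if payload == b"\xff":
        return "nat-keepalive"   # one 0xFF octet, keeps the PAT mapping alive
    if len(payload) < 4:
        return "malformed"
    if payload[:4] == b"\x00\x00\x00\x00":
        return "ike"             # non-ESP marker, an IKE message follows
    if len(payload) < 8:
        return "malformed"       # too short for ESP SPI + sequence number
    return "esp-in-udp"          # first four octets are a non-zero ESP SPI

def parse_udp(datagram: bytes):
    """Split a raw UDP datagram into (src_port, dst_port, payload)."""
    if len(datagram) < 8:
        raise ValueError("truncated UDP header")
    src, dst, length, _checksum = struct.unpack("!HHHH", datagram[:8])
    if length < 8 or length > len(datagram):
        raise ValueError("bad UDP length field")
    return src, dst, datagram[8:length]

def summarize(datagrams):
    """Map each translated source port to the NAT-T message kinds seen from it."""
    seen = defaultdict(set)
    for raw in datagrams:
        src, dst, payload = parse_udp(raw)
        if dst == NAT_T_PORT:
            seen[src].add(classify_payload(payload))
    return dict(seen)

def udp(src, dst, payload):
    """Build a UDP datagram (checksum 0) for the constructed sample below."""
    return struct.pack("!HHHH", src, dst, 8 + len(payload), 0) + payload

# Constructed sample: two clients behind one public address, told apart by
# the source ports (1024, 1025) the PAT device assigned. Not real traffic.
SAMPLE = [
    udp(1024, 4500, b"\x00" * 4 + b"\x11" * 28),                        # IKE
    udp(1024, 4500, struct.pack("!II", 0xC0FFEE01, 1) + b"\x00" * 16),  # ESP
    udp(1025, 4500, b"\x00" * 4 + b"\x22" * 28),                        # IKE
    udp(1025, 4500, struct.pack("!II", 0xC0FFEE02, 1) + b"\x00" * 16),  # ESP
    udp(1025, 4500, b"\xff"),                                           # keepalive
    udp(1026, 500, b"\x33" * 28),             # IKE on port 500, ignored here
]
```

Calling summarize(SAMPLE) returns one entry per translated source port; a client that shows "ike" but never "esp-in-udp" has not moved its data traffic into UDP encapsulation.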
10-05-2005 05:25 AM
Thanks for your help. I didn't realize there was a separate nat-traversal command for isakmp. My problem is resolved.