Strange behaviour for VPN client behind PAT

bvvaidya · ‎10-27-2003

I was trying to set up 5 VPN clients(version 3.6) behind a PAT device at a remote site office towards a VPN3000(at central site).

I have turned on the NAT-traversal but anyone time only 2 clients can connect to the VPN3000. When the third client start to initiate a connection. Both initial vpn connections died.

I have attached the client pcf file.

Any help is appreciated.

Thanks

[main]

Description=

Host=xxx.com.sg

AuthType=1

GroupName=RAS

GroupPwd=

enc_GroupPwd=xxxxxxxxx

EnableISPConnect=0

ISPConnectType=1

ISPConnect=SBnet

ISPCommand=

Username=jkasbx

SaveUserPassword=0

UserPassword=

enc_UserPassword=

NTDomain=

EnableBackup=0

BackupServer=

EnableMSLogon=1

MSLogonType=1

EnableNat=1

CertStore=0

CertName=

CertPath=

CertSubjectName=

CertSerialHash=00000000000000000000000000000000

DHGroup=2

ForceKeepAlives=0

PeerTimeout=90

EnableLocalLAN=1

TunnelingMode=1

TcpTunnelingPort=10000

SendCertChain=0

VerifyCertDN=

EnableSplitDNS=1

ForceNetLogin=-1

a-vazquez · ‎10-31-2003

Since you have already enbled NAT-T, the only other thing that springs to mind is to check whether IPSec/UDP port 4500 is open. Sometimes IPSec/TCP could also work. Also the router thats doing the PAT does it support mutiple VPN's?

bvvaidya · ‎11-02-2003

correct me if i am wrong. if more than one client could connect to the concentrator doesn't it means that the firewall port has been opened?

Same sentiment for the router that is doing the PAT as well.

I have a feeling that it might be the client ip pool assigned to the group. I'll check it out.