Solved: VPN Client Failure

dladen · ‎03-21-2003

With UDP encapsulation, is it possible to have multiple VPN clients behind a router that PATs to a single public IP address. IE: A DSL site with a Linksys router, can I have multiple client on the LAN side concurrently connect to the VPN Concentor. I know this is not possible without UDP encapsulation and I think it is not possible with UDP encapsulation but wanted confirmation one way or the other.

Thanks

afakhan · ‎03-21-2003

Hi,

your understanding is right, its not possible either ways in this scenario.

reason why, bcoz when you use IPSec/UDP, your IKE traffic is still sent using UDP500, and PAT device can't use same port for more than one machine, thas why you would see 2nd client disconnecting the first person, when you try/launch 2nd session from behind the same device.

solution is ipsec/tcp, vpn3000 v3.5+ (client/concentrator) support it.

my .02

Thx

Afaq

View solution in original post

afakhan · ‎03-21-2003

Hi,

your understanding is right, its not possible either ways in this scenario.

reason why, bcoz when you use IPSec/UDP, your IKE traffic is still sent using UDP500, and PAT device can't use same port for more than one machine, thas why you would see 2nd client disconnecting the first person, when you try/launch 2nd session from behind the same device.

solution is ipsec/tcp, vpn3000 v3.5+ (client/concentrator) support it.

my .02

Thx

Afaq

dladen · ‎03-22-2003

thank you