Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

VPN Client Failure

With UDP encapsulation, is it possible to have multiple VPN clients behind a router that PATs to a single public IP address. IE: A DSL site with a Linksys router, can I have multiple client on the LAN side concurrently connect to the VPN Concentor. I know this is not possible without UDP encapsulation and I think it is not possible with UDP encapsulation but wanted confirmation one way or the other.

Thanks

  • Other Security Subjects
1 ACCEPTED SOLUTION

Accepted Solutions
Bronze

Re: VPN Client Failure

Hi,

your understanding is right, its not possible either ways in this scenario.

reason why, bcoz when you use IPSec/UDP, your IKE traffic is still sent using UDP500, and PAT device can't use same port for more than one machine, thas why you would see 2nd client disconnecting the first person, when you try/launch 2nd session from behind the same device.

solution is ipsec/tcp, vpn3000 v3.5+ (client/concentrator) support it.

my .02

Thx

Afaq

2 REPLIES
Bronze

Re: VPN Client Failure

Hi,

your understanding is right, its not possible either ways in this scenario.

reason why, bcoz when you use IPSec/UDP, your IKE traffic is still sent using UDP500, and PAT device can't use same port for more than one machine, thas why you would see 2nd client disconnecting the first person, when you try/launch 2nd session from behind the same device.

solution is ipsec/tcp, vpn3000 v3.5+ (client/concentrator) support it.

my .02

Thx

Afaq

New Member

Re: VPN Client Failure

thank you

95
Views
0
Helpful
2
Replies
This widget could not be displayed.