Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search instead for
Did you mean:
Only one VPN Client with NAT connects to the VPN tunnel
If two clients behind the same Network Address Translation (NAT) router try to access the PIX/ASA Firewall for VPN access, only the first one gets a working tunnel.
You must configure NAT Transparency on the PIX/ASA.
The IPsec NAT Transparency feature introduces support for IPsec traffic to travel through NAT or Point Address Translation (PAT) points in the network and addresses many known incompatabilites between NAT and IPsec.
NAT Transparency uses User Datagram Protocol (UDP) port 4500 in order to encapsulate IPsec packets. By default, PIX/ASA drops all inbound connections that come from the outside. You must open this port in order for NAT Transparency to work.
NAT Traversal is a feature that is auto-detected by VPN devices. There are no configuration steps for a router that runs Cisco IOS Software Release 12.2(13)T and later. If both VPN devices are NAT Transparency capable, NAT Traversal is auto-detected and auto-negotiated.