Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

ASA Allows only 1 IPSEC RAS VPN Client

Hi All,

I have a strange issue where an ASA 5510 that is configured for IPSEC-over-udp RAS VPN is only allowing one (1) vpn client to pass traffic.

The other clients can connect successfully (obtain IP/DNS etc, auth using LDAP)but only the client that connected first is able to browse internal resources. The others show 0 packets decrypted when I check the statistics. I have confirmed that it is not an issue with the license as the default ipsec license allows up to 250 clients I believe. Has anyone had this problem in the past?

Tks,

Donavan

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: ASA Allows only 1 IPSEC RAS VPN Client

This is usually a problem with the translations that are occuring on the NAT/PAT device in front of these multiple machines:

http://www.ciscotaccc.com/kaidara-advisor/security/showcase?case=K71102938

Check that the translations look correct on that device first. There should be a translation for each VPN.

There were also a few bugs about multiple clients behind the same PAT, such as CSCse03299, but these had to do with IPSec over TCP connections.

-heather

2 REPLIES
Cisco Employee

Re: ASA Allows only 1 IPSEC RAS VPN Client

This is usually a problem with the translations that are occuring on the NAT/PAT device in front of these multiple machines:

http://www.ciscotaccc.com/kaidara-advisor/security/showcase?case=K71102938

Check that the translations look correct on that device first. There should be a translation for each VPN.

There were also a few bugs about multiple clients behind the same PAT, such as CSCse03299, but these had to do with IPSec over TCP connections.

-heather

Community Member

Re: ASA Allows only 1 IPSEC RAS VPN Client

Thanks for your response Heather, only problem is that I don't have access to the NAT/PAT devices in front of the VPN clients - Most of the locations are public hotspots :)

Donavan

465
Views
0
Helpful
2
Replies
CreatePlease to create content