Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2112
Views
0
Helpful
5
Replies

ASA 5510 IPSEC VPN connection problem

Go to solution
sson
Level 1
Level 1

‎11-18-2010 01:55 PM - edited ‎02-21-2020 04:58 PM

Hello,

We have a ASA 5510 (ASA version 8.0) Remote access VPN configured and working for the most part but we have an issue when we have more than one client connecting from a same remote office.  When the first VPN client is connected from the remote office, everything works fine but when the second client connects to the VPN, it connects fine but not getting any traffice back to the client.  I can see under Monitor -> VPN Statistics-> Sessions -> Remote Access -> Bytes Rx is 0. Both connections are coming from the same public IP address of that remote office.  I changed some of the settings on NAT-T and a few other things but no success.

Could someone please help me how to fix this problem?

Thank you very much.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Federico Coto Fajardo
VIP Alumni
VIP Alumni
In response to sson

‎11-18-2010 02:32 PM

Make sure the clients are using it because most likely the're not. (default is NAT-T).

Federico.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Federico Coto Fajardo
VIP Alumni
VIP Alumni

‎11-18-2010 02:18 PM

Hi,

This seems like the ASA knows it has a tunnel already established to the public IP of the remote site... and when another connection comes... the ASA won't send traffic via this other tunnel.

Can you try using IPsec-over-TCP?

http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/ike.html#wp1059912

Federico.

0 Helpful

Go to solution
sson
Level 1
Level 1
In response to Federico Coto Fajardo

‎11-18-2010 02:30 PM

Thank you for your reply.  Yes, what you described is what is happening to our connetions.  I think all the traffic is only forwarding to the first connection that was made.  IPsec over TCP with TCP port 10000 is already enabled but we are still having the same problem.  Only one client can send and receive traffic and other clients don't receive any traffic from VPN.  I can take a look at our clients setting as well and make sure that they are using IPsec over TCP option.

Thank you for your input.

0 Helpful

Go to solution
Federico Coto Fajardo
VIP Alumni
VIP Alumni
In response to sson

‎11-18-2010 02:32 PM

Make sure the clients are using it because most likely the're not. (default is NAT-T).

Federico.

0 Helpful

Go to solution
sson
Level 1
Level 1
In response to Federico Coto Fajardo

‎11-19-2010 08:37 AM

It worked!!!! Thank you for your help Federico.

0 Helpful

Go to solution
Federico Coto Fajardo
VIP Alumni
VIP Alumni
In response to sson

‎11-19-2010 08:44 AM

Glad I could help :-)

Federico.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents